Microsoft narrows down the software affected by recent exploits

Office 2007 is one of the Microsoft products affected by the recent exploit attacks.

On Tuesday, Microsoft released a security advisory, alerting owners of several of its software products that an exploit had been discovered that was being used in targeted attacks.  Today, Microsoft offered up a clarification on Tuesday's security advisory which narrows down the software products that are affected by the exploits. Originally, the company said the issue affected Windows Vista, Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync.

Today's post stated that so far the only attacks have been directed against Office 2007 running on Windows XP. The exploit itself affects Office 2003 and 2007 and is present regardless of the version of Windows that are used by those programs. Office 2010 also has the exploit, but only when used on a PC with Windows XP or Windows Server 2003.

All versions of Lync are included on this security advisory, again no matter which version of Windows it is used on. The two operating system that have the affected component are Windows Vista and Windows Server 2008. Microsoft has released a quick Fix it solution which should close the exploit, but it is still working on a full security patch that is designed to close the issue permanently.

Source: Microsoft | Image via Wikipedia

Report a problem with article
Previous Story

Xbox Music and Video apps for Windows 8.1 get updates

Next Story

Google to require all Windows Chrome extensions to come from Chrome Web Store

14 Comments

Commenting is disabled on this article.

HA! i win! i have the Norton Corporate 2000 CD somewhere in the way back archive of CDs from the beginning of 00's....

Still though, it is reasonable to expect to not get infected when opening a file that is not an executable -- and .doc vulnerabilities that can cause an attacker to take complete control of a system are few and far between.

This very vulnerability uses maliciously crafted .TIFF files (that's a picture format!) -- and you can get infected by merely viewing them. Historically, there have been exploits with .jpg files as well -- thinking way back I think there even was a .cur vulnerability during the Windows XP SP2 days because the parser code for .cur files was a Windows 95 vestige and easily targetable.

This is a GDI+ vulnerability, but Windows 7 and higher are not affected. Perhaps they retooled the TIFF parser?