Microsoft warns of targeted attacks on Windows Vista, Lync, Office, and more

In a rare out-of-schedule security advisory, Microsoft has posted word that it has become aware of targeted attacks on a newly found exploit that affects many of its currently supported software programs. They include Windows Vista, Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync.

In a blog post today, Microsoft stated the current attacks have been reported mostly in the Middle East and South Asia. It added:

The exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment.  If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document.  An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user.

Microsoft says it is working on a software patch that will permanently close this exploit. In the meantime, the company has a temporary solution that will disable the TIFF codec. Microsoft said that the update will prevent the current exploit from being used on the affected programs and operating systems. Again, the current advisory is limited to a number of older products except for all versions of Microsoft Lync.

Source: Microsoft | Image via Microsoft

Report a problem with article
Previous Story

HTC plans to sell cheaper smartphones to become profitable again

Next Story

Did Google accidentally reveal the Nexus 8?

23 Comments

Commenting is disabled on this article.

Word docs are incredibly powerful. A couple weeks ago, someone made iOS 7 in it. Now we find out that a Word doc can make your PC explode. I think Crysis 4 runs on Word as well.

Enron said,
Word docs are incredibly powerful. A couple weeks ago, someone made iOS 7 in it. Now we find out that a Word doc can make your PC explode. I think Crysis 4 runs on Word as well.

Adding on to your comment...

One of the main business reasons for using Word and Excel is they are an Application Platform, not just a wordprocessor and spreadsheet. This model goes back to Windows 2.0 days with Word and Excel and were very powerful even back then. I can remember creating GIS software inside Excel in 1991.

There are a lot of Excel programming examples out there that range from image/painting tools all the way to rendering 3D games like Doom. A lot of companies have entire systems built using Office as a platform, especially in semi custom solutions for medical/insurance/etc.

It is this 'platform' that Office provides that is missing in alternate solutions. Anything beyond a casual user soon hits that wall when even doing semi advanced 'macro' and programmatic work in Word or Excel.

Overlooking the 'platform' nature of Office is what amazes me about the Office alternatives; they don't get the programming aspect is important which is why Microsoft Office is preferred and needed for most professional users. Even the little things, like using it to conditionally format a few cells on a ledger sheet.

As a side note...
It isn't the 'programmability' of Office that this exploit uses, it is simply taking advantage of an older TIFF codec that is fired by decoding the TIFF image.

Most of my customers CONSTANTLY send back and forth are forwards in fact most what is in persons inbox is 95% forwards.

The one thing that scares me the most about Emails are forwards. It doesn't take much for a person to unintentionally email a virus to their entire address book. A forward is just a bunch of people sending unknown files back and forth to each other via email.

warwagon said,
Most of my customers CONSTANTLY send back and forth are forwards in fact most what is in persons inbox is 95% forwards.

People STILL do that? I remember back in the late 90s every email subject was "FW: fwd: fwd: FW:...." but I dont think Ive gotten one myself in 10 years.

Yes, people still do that even though we show them how much better using shares are. I don't know how many requirements documents I've got dumped on me which were several branches of some original document with people adding their little edits.

Lord Method Man said,

People STILL do that? I remember back in the late 90s every email subject was "FW: fwd: fwd: FW:...." but I dont think Ive gotten one myself in 10 years.

I bet 99.9% of those e-mails were from people who were on AOL, weren't they? That's all those people ever knew how to do!! I know a few people who have finally gotten off AOL and migrated to Yahoo mail or Gmail and STILL have that habit of forwarding everything!

Instead of telling them to at least use the bcc line, I now tell them to just post their crap on Facebook. About all that's good for anyway and seeing as how I don't use Facebook, i shouldn't have to see it long enough to delete it!!

Well, at least you still have to open the a Word doc, not as bad as the virus that propagates via sound waves....

Well, at least it does not affect Windows 7 and I don't use Lync.

Sometimes I wish I could go back in the past so I could carry a copy of patches from 5 years into the future and give to Microsoft, so they could slip stream it into the RTM release or do one ginormous patch day the product RTMs. So for instance, I would give MS SP3 for XP on August 23, 2001 and they slip stream along with all the post updates.

recursive said,
It saddens me that after all these years, you can still get pwned from opening a word document on Windows.

Actually it is a TIFF flaw, you know, something NOT from Microsoft...

Just like there are still people still falling for Nigerian spam. Even educated users who should know better often do it - that's life.

Mobius Enigma said,

Actually it is a TIFF flaw, you know, something NOT from Microsoft...

In that case, shouldn't sending the TIFF file be sufficient? Why embed it in a word file?

recursive said,

In that case, shouldn't sending the TIFF file be sufficient? Why embed it in a word file?


There have been a lot of TIFF exploits over the years, this is just a new variation to trick the codec that hasn't been used before. TIFF exploits work by referencing an external image/binary.

If this vulnerability exists in the Office codec, there is a really good chance that it also exists in various other TIFF decoding codecs used on other systems that were patched in the past for the previous type of exploit.

So technically, this is a flaw in the Codec that Office is using; however, this type of 'codec' code exists in a LOT OF PRODUCTS.

Do a quick reference search for TIFF exploits in the past and systems affected. From the iPhone and Android to even the PS3 have been affected by using 'common' TIFF decode codecs.

This is a flaw in TIFF codecs overall, but this particular one is a new take on the old trick and specifically is using Microsoft older Office TIFF codec.

It is unknown if the codecs in Office 2013 and Windows 8 are affected or not, but due to their protection modes, are not capable of gaining user level security access.

As an example, the same 'codec' could be used on WP8 and be exploited, but due to the protection system of Apps, it couldn't do anything, rendering it moot. This type of protection doesn't exist on iOS or Android, so if any App uses a similar or older TIFF codec, it could easily gain a variation of root level access and cause damage.

Just displaying the TIFF could fire the exploit depending on the Application or the OS library used to decode the image.

recursive said,

In that case, shouldn't sending the TIFF file be sufficient? Why embed it in a word file?

It could be an issue with the tiff library being used to overwrite memory inside Word that's linked to it.

Could also be that Word is just using w/e library is present on the system, probably the default, to preview/render the TIFF file inside of word. By doing so, it is executing the exploit code within the TIFF.