Microsoft today acknowledged that a new remote code execution vulnerability affecting Windows Vista, Windows Server 2008, Office 2003, Office 2007, Office 2010 and all supported versions of Microsoft Lync is currently being exploited.
Microsoft's acknowledgement means that millions of computers running any of the above software or operating systems are exposed to remote attacks from hackers. Microsoft said that the flaw was being exploited as part of a targeted attack "largely in the Middle East and South Asia." The good news is that if you are using the current versions of Microsoft Windows, i.e. Windows 7 or Windows 8, as well as Office 2013 or Office 365, you are safe.
If you are still using Windows Vista, Windows Server 2008, Office 2003, Office 2007 or Office 2010, kindly take the following precautions. The exploit can only take place if you trigger it, which means that the vulnerability can't be exploited without your explicit interaction. The attackers send a disguised email asking you to open a nicely worded and specially prepared Word document. If you open that document, or even preview it, the remote code executes and your computer is compromised. The code is executed through a malformed TIFF image embedded in the Word document. Any user who triggers it opens the floodgates for the attacker, granting him all the user rights that the user has.
As of now Microsoft has not released a patch for the vulnerability, but you can protect your computer with the following workarounds:
1. Go here and download 'Disable the TIFF Codec'. Downloading and executing it disables opening of the TIFF image in the attached Word document.
2. You can also download and run the Enhanced Mitigation Experience Toolkit (EMET) to protect your computer from any further loopholes if they occur.
Microsoft has also said that you should enable Microsoft's firewall and Security Essentials, apply all updates that Microsoft releases for this vulnerability, and install very strong anti-virus and anti-spyware software on your computer.
It should also be noted that the attack can come through a website as well: Microsoft says that attackers can create websites that trigger the TIFF codec. So kindly do not visit websites you are not familiar with and do not, repeat, do not open or click suspicious attachments, even from your friends and colleagues, without confirming with them first.
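One way to triage a received Word attachment without opening it in Office, given here as an added example that is not part of the original article or of Microsoft's guidance: the Python sketch below lists TIFF images inside an Office Open XML (.docx) container. The function names and the sample document are constructed for illustration, and a hit means only that a TIFF is embedded, not that it is malformed.

```python
import io
import zipfile

# TIFF files start with a byte-order mark followed by the number 42:
# "II*\0" (little-endian) or "MM\0*" (big-endian).
TIFF_MAGICS = (b"II*\x00", b"MM\x00*")
TIFF_EXTENSIONS = (".tif", ".tiff")


def find_embedded_tiffs(data):
    """Return sorted names of TIFF parts inside an OOXML (ZIP) document.

    A part is reported when its content starts with a TIFF magic number
    (whatever its file name says) or when its name has a TIFF extension.
    Returns None when data is not a ZIP container, e.g. a legacy binary
    .doc file, which this sketch does not parse.
    """
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return None
    hits = set()
    with zipfile.ZipFile(io.BytesIO(data)) as container:
        for info in container.infolist():
            if info.is_dir():
                continue
            with container.open(info) as part:
                header = part.read(4)  # only the magic number is needed
            name = info.filename.lower()
            if header in TIFF_MAGICS or name.endswith(TIFF_EXTENSIONS):
                hits.add(info.filename)
    return sorted(hits)


def build_sample_docx(parts):
    """Build a constructed, minimal ZIP container for demonstration only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in parts.items():
            archive.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx({
        "word/document.xml": b"<w:document/>",
        # Constructed part: TIFF header bytes behind a misleading extension.
        "word/media/image1.jpeg": b"II*\x00" + b"\x00" * 16,
        "word/media/image2.png": b"\x89PNG\r\n\x1a\n",
    })
    print(find_embedded_tiffs(sample))
```

Documents flagged this way can be held for confirmation with the sender, in line with the advice above.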
You can visit Microsoft's website for further information here. We will inform all readers about any patch as and when Microsoft releases it.