If you use aged versions of Windows or Microsoft Office, be on the lookout; Redmond issued a security warning today.
In their latest Security Advisory report, Microsoft states that they are investigating reports of vulnerabilities in multiple versions of Windows Vista, Windows Server 2008 and Microsoft Office. They’re also aware of “targeted attacks” that try to take advantage of a security hole in Office.
Here’s how Microsoft describes the vulnerability:
“[It’s] a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
The report indicates that a hacker who attacks a PC using this vulnerability could gain the same rights to the machine that the user has, even administrative rights. However, the hacker would also be bound do whatever restrictions the user is limited to in the event that they do not have administrative rights access. Hackers could also attack a machine with this vulnerability if a user clicked an affected link in an email or instant message, or opened a tainted email attachment.
Microsoft says that they are working with partners in this investigation and could choose to address the issue by releasing an update. The update may fall in line with Microsoft’s monthly update schedule, though the report states that the patch could be released “out-of-cycle.” Which route Microsoft goes depends on “customer needs.”
Click here to see the report, and a complete list of the affected Microsoft software.
Editors' Recommendations
- Best Microsoft Office deals: Get Word, PowerPoint, and Excel for free
- The latest Windows update is breaking VPN connections
- Windows 11 might nag you about AI requirements soon
- Microsoft Word free trial: Get a month of service for free
- Save $150 on a lifetime license for Microsoft Office for PC