Last week, we reported on a security warning issued by Microsoft which concerned users of multiple versions of Windows Vista, Office 2008, and Windows Server 2008. This week, we learned that Microsoft won’t be addressing the issue in its latest round of patches, which they’re set to release tomorrow.
Microsoft explains that the “remote code execution vulnerability” is due to the way its software handles TIFF images, a format popular among photographers and the publishing industry.
“An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted Web content,” writes Microsoft. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
The lack of a patch for the TIFF exploit means that users of the Windows Vista, Office 2008, and Windows Server 2008 won’t see any relief from this problem for some time. However, it’s entirely possible that Microsoft could break with their tradition of releasing patches one a month, and release a patch for this specific issue sooner. On the same blog post where they announced the discovery of the TIFF issue, Microsoft said that they could provide an “out-of-cycle security update, depending on customer needs.”
Click here to see Microsoft’s security report, as well as a complete list of affected Microsoft software.
Image credit: SBnation
- Windows 10 just now became the most popular version of Windows
- Windows Lite: Everything you need to know
- Here are the big features to look out for in the upcoming Windows 10 19H1 update
- Windows is getting a face-lift in 2020, but you can get a sneak peek right now
- Microsoft will end support for Windows 7 one year from now