The Hacker News
Microsoft has issued a temporary fix for a 0day vulnerability that can be exploited to install malware via infected Word documents.

A Zero-day Remote code execution flaw, which has been dubbed CVE-2013-3906, exploits a vulnerability in a Microsoft graphics component, to target Microsoft Office users running Windows Vista and Windows Server 2008.
"The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images," it said in the post. Vulnerability was reported to Microsoft by McAfee Labs senior security researcher Haifei Li.

A successful infection can give an attacker complete control over a system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Currently the company is only aware of targeted attacks mostly in the Middle East and South Asia, with attackers sending unsuspecting victims crafted Word documents with a tainted attachment.

"An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content."

According to Microsoft, the exploit combines multiple techniques to bypass exploit mitigation techniques such as ASLR (DEP) and address space layout randomization (ASLR).

The affected products are:
  • Windows Vista x86, x64
  • Windows Server 2008 x86, x64, Itanium, Server Core
  • Microsoft Office 2003
  • Microsoft Office 2007
  • Microsoft Office 2010 x86, x64
  • Microsoft Office Compatibility Pack
  • Microsoft Lync 2010 x86, x64
  • Microsoft Lync 2010 Attendee
  • Microsoft Lync 2013 x86, x64
  • Microsoft Lync Basic 2013 x86, x64
Windows 7 and 8 and Office 2013 and Office 365 are not affected.

Microsoft released a temporary 'Fix it' workaround that could block the attack by blocking rendering of the vulnerable TIFF graphic format by way of a registry key.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus\DisableTIFFCodec = 1

The Enhanced Mitigation Experience Toolkit (EMET) helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.