Once again, hackers have discovered and exploited a software weakness to gain unauthorised access to computer systems.
Microsoft is currently investigating a vulnerability in the Microsoft Graphics component that affects Microsoft Windows, Office and Lync. The company has stated that the vulnerability is triggered when one of these products fails to properly handle specially crafted Tagged Image File Format (TIFF) files.
Hackers are using the weakness in the software to execute code remotely and gain the same user rights as the current user. To do this, they simply have to convince users to open specially crafted emails, attachments or web content. If they succeed, attackers can then carry out a number of actions on the affected system, including installing programs or viewing data.
In a blog post, response communications manager Dustin Childs advised affected users:
“We always encourage customers to follow the ‘protect your computer’ guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software,” he said, adding that users should be wary of suspicious links and email messages from unknown senders.
While it develops a security update to solve the problem, Microsoft has advised affected users either to apply ‘Workarounds’ (a setting that can help to block known attack routes) or to employ Microsoft’s Enhanced Mitigation Experience Toolkit (EMET).
A statement on their website makes clear that: “Upon completion of [our] investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.”
The firm has also pointed out that users with administrative rights are more likely to be targeted than users with fewer rights on the system. As with many cyberthreats, vigilance is the best form of defence.