Microsoft has advised in an official statement that it has discovered a vulnerability in some older version of Windows and Office that has allowed a series of coordinated attacks on hundreds of users of the affected programs. The infection comes from malware sent by email; if the email attachment is opened, it exploits the security gap. To avoid this, Microsoft recommends a series of security measures while they work to find a solution.
The vulnerability affects users of Windows Vista, Windows Server 2008, Microsoft Lync, and Office 2003, 2007, and 2010, and involved a security problem with managing images in TIFF format. The attackers sents mass emails with a Word document, which included an embedded TIFF file that injected the malicious software. Users of the aforementioned programs who clicked on the file may have compromised their system security.
The company has announced that the most recent versions of both Windows and Office are not affected, but it has nevertheless requested that users apply stricter configuration settings while they launch a security patch that corrects the problem during the rest of this month. To do so, they recommend disabling the TIFF codec by using this security patch, installing the Enhanced Mitigation Experience Toolkit, and activating a firewall on your system, whether Windows’ own or an external one.
