Microsoft warns of security vulnerability in some products



WASHINGTON - Global software giant Microsoft is investigating a reported potential threat of hackers exploiting a "vulnerability" in its operating system to gain user rights on the affected computers.

Warning that attackers could exploit this vulnerability by requesting users to preview or open a specially crafted email or web content, Microsoft has issued a statement listing the products that may be vulnerable to exploitation by hackers.


The issue affects Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003 - 2010, and Microsoft Lync. A warning on potential problems has been published on the Microsoft website. Recent versions of Microsoft Windows and Office are not affected by the issue, which centres on a graphics component.

While many of its latest products look like they may be unaffected by this particular issue, the list is extensive.

Microsoft describes the issue as: "The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF (Tagged Image File Format) images."

While the warning may seem unnecessary to an Internet-savvy person, the reality is that a large number of consumers aren't aware of the risks, and as such, the average everyday user will be the main victim of this crime.

As the Los Angeles Times points out, the number of undergraduates who were able to spot a phishing scam email when put to the test was worryingly small.

"An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights," Microsoft warned.

Microsoft said it would take appropriate action to address the issue, which "may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs".

In the meantime, it has advised customers to apply workarounds - a setting or configuration change that "does not correct the underlying issue but would help block known attack vectors before a security update is available".

In a blog post on the Microsoft Security Response Centre, Dustin Childs, a communications manager, said any move by hackers "requires user interaction".

He said that the attacks are disguised as an email requesting potential targets to open a specially crafted Word attachment.

If the attachment is opened or previewed, it attempts to exploit the issue using a malformed graphics image embedded in the document.

However, it added that an attacker would have "no way to force users to view the attacker-controlled content".

"Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website."

Microsoft has said that it is aware of the targeted attacks having largely taken place in the Middle East and South Asia.

Last month Microsoft awarded $100,000 (62,760 pounds) to a British hacker for finding loopholes in its operating system that would leave it open to cyber-attacks. 

Source: Big News Network (United Arab Emirates)
