Warning that attackers could exploit this vulnerability by requesting users to preview or open a specially crafted email or web content,
The issue affects Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003 - 2010, and Microsoft Lync. A warning on potential problems has been published on the
While many of its latest products look like they may be unaffected by this particular issue, the list is extensive.
While the warning may seem unnecessary to an Internet savvy person, the reality is that a large number of consumers aren't aware of the risks, and as such, the average every day user, will be the main victim of this crime.
As the
"An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights," the
In the meantime, it has advised customers to apply workarounds - a setting or configuration change that "does not correct the underlying issue but would help block known attack vectors before a security update is available".
In a blog post on the Microsoft Security Response Centre,
He said that the attacks are disguised as an email requesting potential targets to open a specially crafted Word attachment.
If the attachment is opened or previewed, it attempts to exploit the issue using a malformed graphics image embedded in the document.
However, it added that an attacker would have "no way to force users to view the attacker-controlled content".
"Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website."
Last month
0 commentaires:
Post a Comment