Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South Asia. The current versions of Microsoft Windows and Office are not affected by this issue. The exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment.  If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document.  An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user.

While we are actively working to develop a security update to address this issue, we encourage our customers concerned with the risk associated with this vulnerability, to deploy the following Fix it from the advisory:

  • Apply the Microsoft Fix it solution, "Disable the TIFF Codec" that prevents exploitation of the issue
    See Microsoft Knowledge Base Article 2896666 to use the automated Microsoft Fix it solution to enable this workaround.
  • Deploy the Enhanced Mitigation Experience Toolkit (EMET)
    This will help prevent exploitation by providing mitigations to protect against the issue and should not affect usability of any programs.  An easy guide for EMET installation and configuration is available in KB2458544.

As a best practice, we always encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software.  We also encourage customers to exercise caution when visiting websites and avoid clicking suspicious links or opening email messages from unfamiliar senders.  Additional information can be found at www.microsoft.com/protect.

We are monitoring the threat landscape very closely and will continue to take appropriate action to help protect customers.

Thank you,

Dustin Childs
Group Manager, Response Communications
Trustworthy Computing