Microsoft today issued a security alert for some of its products. A vulnerability has been detected in Windows operating systems Vista and Server 2008, and in Microsoft products Office 2003-2010 and Lync. Hackers could potentially send a link via email or the Web to unsuspecting users, who would then be convinced to click it to view a Web page or Word document that, when opened, would let the hackers seize administrative control of the users’ machines.
The booby-trapped document would contain a TIFF image file that has been deliberately corrupted to give the attacker a way into the user’s machine. Users must click the link in order for the hack to work. Once opened, the document would execute the takeover command, and hackers could do whatever they wish with the system.
Microsoft is advising its customers to run the Microsoft Fix it solution entitled “Disable the TIFF Codec” and to apply the “Enhanced Mitigation Experience Toolkit” as a temporary workaround. Meanwhile, Microsoft is working on a security update to be pushed either in its monthly update cycle or as an off-cycle emergency patch.
The vulnerability does not exist in most of Microsoft’s other operating systems and software products. See the security update for a complete list of affected products. Meanwhile, if your system is infected, don’t click or touch any funny-looking links from people you don’t know.
VIA: The Next Web