Microsoft released Security Advisory 2896666 which relates to a vulnerability in the Microsoft Graphics component that affects Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync.
Microsoft is aware of targeted attacks primarily in the Middle East and South Asia that attempt to exploit this vulnerability in Microsoft Office products.
The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images. It is exploited by previewing or opening a specially crafted email message or file, or by browsing web content that contains such an image. An attacker who successfully exploits it could gain the same user rights as the current user.
Recommendations

Microsoft has made available a Fix it solution which will disable the TIFF codec. Below are the links to both enable and disable the Fix it solution.

- Enable Fix it
- Disable Fix it
Another option is to install the Enhanced Mitigation Experience Toolkit (EMET), described in the "Workarounds" section of the TechNet Advisory.
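To verify across a fleet that the TIFF codec has actually been disabled (and to apply the setting where it has not), here is an added PowerShell check; it is example code, not the Fix it itself or anything from the advisory. It assumes what the advisory's manual workaround documents: the Fix it sets the DWORD value DisableTIFFCodec to 1 under HKLM\SOFTWARE\Microsoft\Gdiplus, plus the Wow6432Node path for 32-bit Office on 64-bit Windows.

```powershell
# Added example: audit/apply the "disable TIFF codec" workaround for
# Security Advisory 2896666. Assumption: the workaround is the registry
# value DisableTIFFCodec = 1 under the GDI+ key(s) below.
$gdiPlusKeys = @('HKLM:\SOFTWARE\Microsoft\Gdiplus')
if ([Environment]::Is64BitOperatingSystem) {
    # 32-bit Office on 64-bit Windows reads the Wow6432Node view
    $gdiPlusKeys += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Gdiplus'
}

function Get-TiffCodecStatus {
    # One row per registry view; Mitigated is $true only when the value is 1
    foreach ($key in $gdiPlusKeys) {
        $value = $null
        if (Test-Path $key) {
            $item  = Get-ItemProperty -Path $key -Name DisableTIFFCodec -ErrorAction SilentlyContinue
            $value = $item.DisableTIFFCodec
        }
        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            Key       = $key
            Value     = $value
            Mitigated = ($value -eq 1)
        }
    }
}

function Set-TiffCodecDisabled {
    # Equivalent of the "Enable Fix it" link; run elevated, try -WhatIf first
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($key in $gdiPlusKeys) {
        if ($PSCmdlet.ShouldProcess($key, 'Set DisableTIFFCodec = 1')) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name DisableTIFFCodec -PropertyType DWord `
                -Value 1 -Force | Out-Null
        }
    }
}

# Report current state; any row with Mitigated = False still renders TIFF via GDI+
Get-TiffCodecStatus | Format-Table -AutoSize
```

Setting the value blocks all TIFF rendering through GDI+, so legitimate TIFF images stop displaying in the affected applications; reverse it with the "Disable Fix it" link or by removing the value. Run `Get-TiffCodecStatus` through `Invoke-Command` against a list of hosts to collect fleet-wide results.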
- CVE Reference: CVE-2013-3906
- Microsoft KB Article 2896666: Microsoft Security Advisory: Vulnerability in Microsoft graphics component could allow remote code execution
- MSRC: Microsoft Releases Security Advisory 2896666
- Security Research & Defense: CVE-2013-3906: a graphics vulnerability exploited through Word documents
- TechNet Advisory: Microsoft Security Advisory (2896666) Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...