Tuesday, November 05, 2013

Microsoft Security Advisory 2896666 with Fix it

Security Advisory
Microsoft released Security Advisory 2896666 which relates to a vulnerability in the Microsoft Graphics component that affects Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync.

Microsoft is aware of targeted attacks primarily in the Middle East and South Asia that attempt to exploit this vulnerability in Microsoft Office products.  

The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images.  The vulnerability is exploited either through previewing or opening a specially crafted email message or file.  It is also exploited by browsing similarly web content.  The attacker could gain the same user rights as the current user.

Recommendations

Microsoft has made available a Fix it solution which will disable the TIFF codec. Below are the links to both enable and disable the Fix it solution. 
 
Enable Fix itDisable Fix it


Another option is to install the Enhanced Mitigation Experience Toolkit (EMET), described in the "workarounds" section of the Tech Net Advisory.

References:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

1 comment:

Anonymous said...

Thank you Corrine. Applied Fix on my Vista Home Premium.
Basil