Zero-day targeted attacks via boobytrapped Word documents. Microsoft releases temporary fix


Microsoft has issued a warning to users that malicious hackers have been using a previously unknown zero-day vulnerability to launch targeted attacks against particular computers.

The remote code execution flaw, which has been dubbed CVE-2013-3906, lies in a Microsoft graphics component.

According to the firm, the attack has been largely spread via boobytrapped Microsoft Word documents, distributed by email, and has largely targeted computers belonging to companies based in the Middle East and South Asia.

By using the social engineering trick of disguising the email as something enticing, victims are being fooled into opening the attached Word document (which has a malformed graphic TIFF image embedded within it) and infecting their PCs.

| Microsoft Office Version | Vulnerability |
| --- | --- |
| Office 2003 | Affected |
| Office 2007 | Affected |
| Office 2010 | Affected only on Windows XP/Windows Server 2003 |
| Office 2013 | Not affected |

However, it is possible that the same flaw could also be exploited by malicious hackers embedding a malformed TIFF file inside web content, and tricking users into viewing it.

In a security advisory, published today, Microsoft has made available a Fix It tool - a temporary band-aid for the flaw, which it is urging at-risk users to install.

Of course, the hope is that Microsoft releases a proper fix for the vulnerability - and closes the door permanently on future attacks exploiting the flaw - as soon as possible.

Microsoft argues that the fact that Office 2010 is only vulnerable on ageing Windows XP and Windows Server 2003 computers is another good argument for users to keep their operating systems up-to-date, and patched. (Regular readers will, no doubt, be aware that Windows XP will no longer receive security updates after April 2014).

It’s worth emphasising that unlike most fixes from Microsoft, the Fix-It tool will not be automatically rolled out to users. If you want to protect your computers from having the flaw exploited, you need to download and run the tool.

And then, like the rest of the internet, you have to hope that Microsoft will roll out a proper and permanent reliable patch for the problem with appropriate haste.

Further mitigations and workarounds are detailed in the Microsoft blog post and in an accompanying security advisory.

Further reading: Microsoft zero-day was used in Citadel Trojan campaign, as well as targeted attacks
