Microsoft Warns of Zero-Day Attacks

wiredmikey writes "Microsoft released an advisory today warning users about a new zero-day under attack in targeted campaigns occurring in the Middle East and South Asia. According to Microsoft, the vulnerability resides in the Microsoft Graphics component and impacts certain versions of Windows, Microsoft Office and Lync. The problem exists in the way specially-crafted TIFF images are handled. To exploit the vulnerability, an attacker would have to convince a user to preview or open a specially-crafted email message, open a malicious file or browse malicious Web content. If exploited successfully, the vulnerability can be used to remotely execute code. The vulnerability affects Office 2003, 2007 and 2010 as well as Windows Server 2008 and Windows Vista. Right now, Microsoft Word documents are the current vector for attack."

Re:New Attack? 0 Day?

[tbuddy]

Microsoft, Apple, and even our dear Linux all have had issues with previewing malcrafted images. If seeing this on a patch notes shocks you I'll assume you haven't read many patch notes. TIFF is surprising as that hasn't been a huge attack vector, but I've seen in the hundreds of notes I've read as an IT peon where formats have been an issue. More often it is PDF, EMF, WMF, but TIFF isn't out of the question
It is a file format that is pretty low on the level of requiring correct formatting and is more or less abandoned by its owner, Adobe. I bet their is a grip of EPS exploits out there for Microsoft's viewer, but very few people would open those. Everyone know EPS is "an Adobe" and forward them on to the graphics department.

Re:Already there

[recoiledsnake]

You just described Windows RT.

Re:New Attack? 0 Day?

TIFF is a scary format in general because it's been extended in so many bizarre ways to support document mangagement systems. For ex, there's actually a standard for embedding PDFs inside of a TIFF (rather than visa-versa).