Windows Vista, Lync, older Office versions under attack via new vulnerability

Attackers are exploiting security holes found in older versions of Office and Windows, plus current versions of Lync.

Microsoft warned Tuesday that attackers are actively targeting Windows Vista, as well as Microsoft Office 2003 through 2010, with an attack that would give hackers the same rights as the victim.

Vista, the two Office versions, Windows Server 2008, and all versions of Lync are vulnerable, Microsoft warned in Security Advisory 2896666 and in a blog post.

"The exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment," Microsoft said. "If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document. An attacker who successfully exploited the vulnerability could gain the same user rights as the logged-on user."

Attacks are actively occurring in the Middle East and South Asia, Microsoft said.

To fix it, Microsoft advised users to apply a Microsoft Fix It solution that prevents exploitation of the TIFF file codec at the root of the problem. Microsoft also suggested deploying the Enhanced Mitigation Experience Toolkit (EMET) to prevent exploitation of the issue.

In general, Microsoft has pushed users to ditch Windows XP, as it will discontinue support of the OS in April of next year. XP isn't subject to this vulnerability, but the same advice applies. Microsoft said that users running current versions of Office and Windows aren't affected. Businesses may justifiably worry, however, that their employees running the collaboration tool, Lync, may be vulnerable. If any of this applies to you, patch, and patch now.

Stories by Mark Hachman
