Microsoft warns of security flaw in key software products

Microsoft has warned that hackers could exploit a zero-day vulnerability in the graphics component of several key products to gain control of users’ computers. The vulnerable component is found in Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003-2010 and Microsoft Lync.

The flaw lies in the handling of the Tagged Image File Format (TIFF) image files by the graphics processing component in the affected software. Attackers could exploit the vulnerability by requesting users to preview or open a specially crafted email or web content. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, but the impact would be lower on users who do not operate with full administrative rights.

Microsoft said it would take appropriate action to address the issue, which “may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs”.

Tags:

Leave a Comment