A new vulnerability related to the parsing of TIFF
images was found in the Microsoft Graphics component that affects
Microsoft Windows, Microsoft Office, and Microsoft Lync. Microsoft published Security Advisory 2896666 explaining the details. Microsoft Fix it 51004 is available to alleviate the problem until an update is available.
Our initial research of the exploit indicates that this vulnerability
is capable of affecting Microsoft Office versions 2003, 2007, and 2010
(Office 2010 vulnerability is limited to Windows XP and Server 2003
operating systems) and that it will fail on machines viewing the
documents in protected mode (ActiveX support in documents disabled).
While it is not easy to determine if computers have ActiveX enabled for
Office documents, it is possible to profile vulnerable combinations of
Microsoft Windows and Office to help understand the attack surface. Our telemetry feeds indicate the following breakdown of Microsoft
Office versions deployed in enterprise environments:
- Office 2003 – 5%
- Office 2007 – 30%
- Office 2010 – 41%
- Office 2013 – 14%
As we can see in the sample below, the remote download location for a
dropper is embedded in the
malicious Word document:
…(read more)