There is no information regarding victims and hacked businesses, but Microsoft has promised a Security Update through their next monthly release.People using the following software platforms have been asked to take steps to protect their computers:
The problem lies in the handling of the Tagged Image File Format (TIFF) by the Graphics Processing Component in the vulnerable software versions. The hackers require “user interaction” and this can be achieved with the help of malicious emails with MS Word attachments or crafted web content. Windows users are advised to avoid phishing scam emails and stay away from suspicious web content.
Users with computers running Windows XP, 8, 8.1 and RT can breathe a sigh of relief. These software versions have been deemed safe for the time being and no action is needed.
Dustin Childs, response communications manager for Microsoft, has said that the attacks are currently concentrated in the Middle East and Southern Asia. Administrators with full access to Microsoft Systems are at high risk and have been asked to take steps to keep the hackers at bay. The Microsoft Fix It solution and disabling the TIFF Codec are currently the best ways to neutralize the dangerous vulnerability.
Childs also went on to encourage the use of firewalls, installing all available Windows updates from and investing in effective anti-virus and anti-spamming software. Microsoft has traditionally been unable to provide relatively secure platforms, unlike Mac and Linux. Only time will tell if these security issues will be ironed out and let the users work in a safe environment.
Sign up today & never miss an update from the Checkmarx blog
Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.