Microsoft releases Security Advisory, Windows Users at Risk

In a sudden turn of events, Microsoft has released a Security Advisory regarding a vulnerability in some of its most common software versions. This security flaw can allow hackers to execute code remotely and gain full access to users’ computers.

There is no information regarding victims or hacked businesses, but Microsoft has promised a Security Update through their next monthly release. People using the following software platforms have been asked to take steps to protect their computers:

  • Windows Vista
  • Windows Server 2008
  • Microsoft Office 2003-2010
  • Microsoft Lync

The problem lies in how the Graphics Processing Component in the vulnerable software versions handles the Tagged Image File Format (TIFF). An attack requires “user interaction”, which can be achieved with malicious emails carrying MS Word attachments or with crafted web content. Windows users are advised to avoid phishing scam emails and stay away from suspicious web content.
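As an added example (not from the original article or from Microsoft), the following Python function lists the parts of an Office Open XML attachment (.docx) whose content starts with a TIFF header, so a mail gateway or analyst can flag such files for closer review. The function names and the sample file are constructed for illustration; legacy .doc files are not ZIP containers and are not covered.

```python
import io
import zipfile

# TIFF files start with a byte-order mark followed by the magic number 42:
# "II*\0" (little-endian) or "MM\0*" (big-endian).
TIFF_MAGICS = (b"II*\x00", b"MM\x00*")


def find_tiff_parts(data: bytes) -> list[str]:
    """Return the names of parts in an OOXML (.docx) file that are TIFF images.

    Parts are matched by content, not by extension, so a TIFF stored under a
    .jpeg or .bin name is still reported. Input that is not a ZIP returns [].
    """
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                with zf.open(info) as part:
                    if part.read(4) in TIFF_MAGICS:
                        hits.append(info.filename)
    except zipfile.BadZipFile:
        return []
    return hits


def _sample_docx() -> bytes:
    """Constructed sample: a minimal ZIP laid out like a .docx (assumption)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        # TIFF header bytes stored under a misleading .jpeg name
        zf.writestr("word/media/image1.jpeg", b"II*\x00" + b"\x00" * 16)
        zf.writestr("word/media/image2.png", b"\x89PNG\r\n\x1a\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(find_tiff_parts(_sample_docx()))
```

A reported part only means the document carries a TIFF image; it is a triage signal, not a verdict that the file is malicious.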

Users with computers running Windows XP, 8, 8.1 and RT can breathe a sigh of relief. These software versions have been deemed safe for the time being and no action is needed.

Dustin Childs, response communications manager for Microsoft, has said that the attacks are currently concentrated in the Middle East and Southern Asia. Administrators with full access to Microsoft Systems are at high risk and have been asked to take steps to keep the hackers at bay. The Microsoft Fix It solution and disabling the TIFF Codec are currently the best ways to neutralize the dangerous vulnerability.

Childs also went on to encourage the use of firewalls, installing all available Windows updates from and investing in effective anti-virus and anti-spamming software. Microsoft has traditionally been unable to provide relatively secure platforms, unlike Mac and Linux. Only time will tell if these security issues will be ironed out and let the users work in a safe environment.

Official Microsoft Security Advisory

Dustin C. Childs Blog Post

Microsoft Safety & Security Center