GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote malicious users to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
microsoft office 2010 |
||
microsoft office 2007 |
||
microsoft office 2003 |
||
microsoft windows vista |
||
microsoft windows server 2008 |
||
microsoft lync 2010 |
||
microsoft lync 2013 |
||
microsoft lync basic 2013 |
Eight Microsoft Security Bulletins are being pushed out this month, MS13-096 through MS13-106. Five of them are rated “Critical” and another six are rated “Important”. The top priorities to roll out this month are the critical GDI+ (MS13-096), Internet Explorer (MS13-097), and Scripting Runtime (MS13-099) updates. Several of the vulnerabilities have been actively exploited as a part of targeted attacks around the world, and one of them is known to be ItW for at least six months or so. Th...
Two days ago FireEye reported that the recent CVE-2013-3906 exploit has begun to be used by new threat actors other than the original ones. The new infected documents share similarities with previously detected exploits but carry a different payload. This time these exploits are being used to deliver Taidoor and PlugX backdoors, according to FireEye. At Kaspersky Lab we have also detected that yet another APT group has just started spreading malicious MS Word documents exploiting CVE-2013-3906...
Plus: Adobe and Google also push out vuln-busting patches
November's edition of Patch Tuesday brought relief from an IE zero-day exploit but a TIFF image-handling vulnerability under active attack from hackers remains unpatched. Microsoft released a total of five bulletins, three of which are marked up as critical and five of which are designated as important. The patch batch collectively addresses 19 vulnerabilities in Windows and Office software. MS13-088 fixes 10 vulnerabilities in all supported versions of Internet Explorer (IE 6, 7, 8, 9, 10 and 1...
On November 5, Microsoft announced the discovery of a new vulnerability CVE-2013-3906 which can be exploited when TIFF images are processed. By exploiting this vulnerability it is possible to attack software – including Microsoft Office and Lync – that uses a vulnerable DLL for processing TIFF images. On the same day, there were reports that Microsoft had recorded attacks that exploit CVE-2013-3906. Several malware samples became available to us that exploit CVE-2013-3906. We analyzed th...
It's Operation Hangover. Word
Both cybercrooks and cyberspies have seized on a recently discovered and as-yet-unpatched Microsoft vulnerability to run attacks. Hackers have seized on the zero-day vulnerability, starring a buggy Microsoft graphics component, to run attacks featuring malicious Word documents. Microsoft issued a temporary workaround last week, and confirmed at the time that the exploit had been abused in "limited" and targeted attacks "largely in the Middle East and South Asia”. A pre-release notice from Redm...
Vulmon