Windows Vista, Lync & Previous Versions of Office Seeing Targeted Attacks
Update (November 8, 2013): According to Microsoft, the known targeted attacks are against Office 2007 running Windows XP. Still, the company has narrowed down the software affected by the vulnerability in a Microsoft graphics component that could allow remote code execution.
For Office, Office 2003 and Office 2007 are affected regardless of OS. At the moment, Microsoft is only aware of targeted attacks against the latter. For Office 2010, it's only affected if it's installed on Windows XP or Windows Server 2003. If you've Office 2010 on a Windows Vista or newer machine, you're okay. As mentioned before, the latest version of Office, Office 2013, is safe regardless of OS.
For Windows, Windows Vista and Windows Server 2008 are affected by the vulnerability (because they're shipped with the affected component), but there's no known active attack. Other versions of Windows aren't affected unless they've installed the affected version of Office or Lync. Lastly, all supported versions of the Lync client are affected, but again, they're not known to be under active attack.
A quick Fix it solution is available (see below) while Microsoft works on a full security patch.
Originally reported on November 6, 2013:
In a security advisory, Microsoft is warning users of Windows Vista, Windows Server 2008, Microsoft Office 2003 through 2010, and Microsoft Lync of possible targeted attacks, which at the moment are happening mainly in the Middle East and South Asia. The vulnerability is exploited through a malformed image that’s embedded in a Word document. The attack usually comes disguised as an email and it requires the user to open or preview the document. If the attack is successful, the attacker will gain the same user rights as the logged on user. This vulnerability doesn’t affect those using the most current version of Windows and Office.
Until a security update is issued, Microsoft encourages users to deploy the following solution:
1. Apply the Microsoft Fix it solution, “Disable the TIFF Codec” that prevents exploitation of the issue: See Microsoft Knowledge Base Article 2896666 to use the automated Microsoft Fix it solution to enable this workaround.
2. Deploy the Enhanced Mitigation Experience Toolkit (EMET): This will help prevent exploitation by providing mitigations to protect against the issue and should not affect usability of any programs. An easy guide for EMET installation and configuration is available in KB2458544.