Microsoft is urging customers to protect themselves from a newly discovered vulnerability that allows hackers to take control of a victim’s computer remotely through a sophisticated zero-day attack infecting Windows machines.
Dustin Childs, the group manager of Microsoft’s Response Communications team, announced on Tuesday that the company was aware of an issue affecting computers running the Windows Vista operating system and several versions of Microsoft Office that could let a malicious hacker take control of a target’s machine simply by tricking the victim’s computer into attempting to render a .TIFF image.
According to Childs, computers are being compromised when victims are tricked into opening emails that include “special crafted” Microsoft Word document attachments containing code that lets the hackers exploit a vulnerability using a malformed graphics image embedded in the file itself.
If the attack is executed correctly, the vulnerability allows a hacker to gain the same privileges as the computer’s legitimate user at the time of attack, meaning a malicious actor could gain access to any files and documents used by a victim who is tricked into opening the Word document. Larry Seltzer with ZDNet wrote that the attack takes advantage of a bug in the way some TIFF files are handled, resulting “in memory corruption which may be exploited by the attacker to take control of execution.”
And while Microsoft acknowledged that attacks using this exploit are currently targeting machines throughout the Middle East and South Asia, a complete and total fix isn’t expected to arrive anytime soon. Childs admitted that a fix is in the works, but experts suggest Microsoft won’t be ready to roll out any sort of permanent patch next week when the company plans to unveil a series of patches on Tuesday, November 12.
"I would not expect it on Patch Tuesday," Andrew Storms, director of DevOps at San Francisco-based CloudPassage, told ComputerWorld on Tuesday. "If it was IE [Internet Explorer], maybe. And I don't think they're taking any chances, what with the problems with some updates lately. They'll move very cautiously on this, unless their telemetry shows that attacks have really spread."
So far Microsoft hasn’t released a number regarding how many computers have been compromised, but machines running Microsoft Office 2003, 2007 and some installations of the 2010 version are all vulnerable to attack. That isn’t to say that everyone with a Windows computer should consider themselves a target, however, as Microsoft has suggested that hackers are exploiting the vulnerability in only certain locales. According to Jaime Blasco, the head of the AlienVault Labs security company, documentation the firm has uncovered pertaining to infected computers suggests the command-and-control machine used to mastermind the attacks is targeting computers with IP addresses in Pakistan, including the country’s intelligence agency and military.
McAfee Labs first became aware of the vulnerability and attempts to exploit it last Thursday and admitted in a blog post this week that they immediately began working with Microsoft to analyze the zero-day formally acknowledged this Tuesday.