Microsoft's Windows and Office stick with serious flaws

Microsoft said that hackers could exploit a serious flaw in its software product line to gain user rights in affected computers.

According to Microsoft, the company has "realized intentional attacks" and is investigating. The software contains this vulnerability that Microsoft lists as Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003 - 2010, and Microsoft Lync . Current versions of Microsoft Windows and Office are not affected by this vulnerability.

Microsoft said, they will take appropriate action to resolve the issue, may provide " security update version in the monthly release, or provide security updates that are not included in the upgrade cycle. monthly, depending on customer needs ".

Meanwhile, the company also offers consumers the advice to solve problems - such as setting up or changing the configuration, although it " does not fix the underlying problem but will help the computer to identify risks." attack engine before security update ".

According to Microsoft, the error is in the processing of Tagged Image File Format ( TIFF) image files of the graphics processing component package in the affected software versions.

In a blog posted on the Microsoft Security Response Center, Mr. Dustin Childs, Microsoft's communications supervisor, said the attacks were disguised as an email and asked users to open the file. Word attached. If this attachment is opened or previewed, it will exploit the vulnerability by using a heterogeneous graphic image embedded in the file.

"An attacker who successfully exploited this vulnerability could gain user rights and log on to the computer as a user, " Childs said.

Microsoft also said that hackers could exploit vulnerabilities through a web-based attack. " Hackers can create a special website designed to exploit this vulnerability and then convince users to view the site, " the company announced.

However, Microsoft assumes that hackers will " have no other way than to force users to see the content they create. Hackers will have to convince users to enter the trap, usually by clicking on the link in the email or in Instant Messenger messages to lead users to the attacker's website ".