Microsoft's Windows and Office stick with serious flaws
Microsoft said that hackers could exploit a serious flaw in its software product line to gain user rights in affected computers.
According to Microsoft, the company has "realized intentional attacks" and is investigating. The software contains this vulnerability that Microsoft lists as Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003 - 2010, and Microsoft Lync . Current versions of Microsoft Windows and Office are not affected by this vulnerability.
Microsoft said, they will take appropriate action to resolve the issue, may provide " security update version in the monthly release, or provide security updates that are not included in the upgrade cycle. monthly, depending on customer needs ".
Meanwhile, the company also offers consumers the advice to solve problems - such as setting up or changing the configuration, although it " does not fix the underlying problem but will help the computer to identify risks." attack engine before security update ".
According to Microsoft, the error is in the processing of Tagged Image File Format ( TIFF) image files of the graphics processing component package in the affected software versions.
In a blog posted on the Microsoft Security Response Center, Mr. Dustin Childs, Microsoft's communications supervisor, said the attacks were disguised as an email and asked users to open the file. Word attached. If this attachment is opened or previewed, it will exploit the vulnerability by using a heterogeneous graphic image embedded in the file.
"An attacker who successfully exploited this vulnerability could gain user rights and log on to the computer as a user, " Childs said.
Microsoft also said that hackers could exploit vulnerabilities through a web-based attack. " Hackers can create a special website designed to exploit this vulnerability and then convince users to view the site, " the company announced.
However, Microsoft assumes that hackers will " have no other way than to force users to see the content they create. Hackers will have to convince users to enter the trap, usually by clicking on the link in the email or in Instant Messenger messages to lead users to the attacker's website ".
You should read it
- What are TIFF files?
- Detects 'long-standing' security vulnerabilities in Microsoft Office
- How to fix BlueKeep security error for Windows 2003, Windows XP, Windows 7, Windows Server 2008
- Microsoft released an emergency security patch for a serious vulnerability
- IBM developed a new technology to patch security holes
- AMD CPUs also have security vulnerabilities that have existed for many years now!
- 5 common errors in managing security vulnerabilities
- Find security holes on every site with Nikto
- Windows 7 users need to install Microsoft patches immediately to fix BlueKeep security errors
- 9 misconceptions about security and how to resolve
- How to fix errors for ACL and SAM vulnerabilities on Windows
- Microsoft fixes a serious security hole
Maybe you are interested
What is Microsoft Azure Certification?
Cybercriminals are using Microsoft Teams calls to commit fraud
Microsoft officially supports sharing files from iPhone to Windows using Phone Link application
Microsoft 365 Android PDF Viewer shows ads, even with subscription
10 Useful Table Formatting Tips in Microsoft Word
Here's everything Microsoft knows about your PC!