Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South Asia. The current versions of Microsoft Windows and Office are not affected by this issue. The exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment. If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document. An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user.If you follow the link to Microsoft's announcement they have links to tools that will make you safe until they come out with a patch to fix it.
Wednesday, November 6, 2013
Don't open Microsoft Office documents sent to you via email
Certainly not from people you don't know, and it's probably a good thing to reply to senders you do know asking if they actually sent the original email. There's a new security bug that is being exploited in the wild where attackers send a word document containing the attack:
When has it ever been safe to open an emailed Office document?
ReplyDeleteReminds me of the (very dated) joke: If you run I.B.M. Antivirus on a Windows 95 machine and select repair all does it uninstall '95 and replace it with OS/2?
ReplyDeleteSo unless the link they provide is to LibreOffice I am not interested.
I never do open docs from people I don't know, or docs that I don't expect.
ReplyDeleteThat said, I do open a lot of Word docs. I teach college composition, and get a lot of papers turned in by email.
Hopefully that won't be a problem...