In a rare out-of-schedule security advisory, Microsoft has posted word that it has become aware of targeted attacks that use a newly found exploit affecting many of its currently supported software programs. They include Windows Vista, Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync.
In a blog post today, Microsoft stated the current attacks have been reported mostly in the Middle East and South Asia. It added:
The exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment. If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document. An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user.
Microsoft says it is working on a software patch that will permanently close this exploit. In the meantime, the company has a temporary solution that will disable the TIFF codec. Microsoft said that the update will prevent the current exploit from being used on the affected programs and operating systems. Again, the current advisory is limited to a number of older products, with the exception of Microsoft Lync, where all versions are covered.