Windows 8 and 8.1 Forums


Vulnerability in Microsoft Graphics Component

  1. #1



    Vulnerability in Microsoft Graphics Component


    General Information

    Executive Summary

    Microsoft is investigating private reports of a vulnerability in the Microsoft Graphics component that affects Microsoft Windows, Microsoft Office, and Microsoft Lync. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Microsoft Office products.

    The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections.

    Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

    Mitigating Factors:

    • An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
    • In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.

    Recommendation. Please see the Suggested Actions section of this advisory for more information.
    Source: Microsoft Security Advisory (2896666): Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution


  2. #2

    Microsoft warns of Office zero-day, active hacker exploits


    Computerworld - Microsoft today said that attackers are exploiting a critical and unpatched vulnerability in Office 2007 using malformed documents to hijack Windows PCs and said Office 2003 and Office 2010 are also vulnerable.

    The bug can be triggered by a malformed image file viewed on a website or in an email message if one of those versions of Office is installed on the system.
    "We are aware of targeted attacks, largely in the Middle East and South Asia," Dustin Childs, a communications manager with the Microsoft Security Response Center (MSRC), said in a Tuesday blog entry.
    Microsoft warns of Office zero-day, active hacker exploits - Computerworld

  3. #3




    Microsoft Security Advisory: Vulnerability in Microsoft graphics component could allow remote code execution

    Warning
    The Fix it solution described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios.


    https://support.microsoft.com/kb/2896666

    A Guy

  4. #4




    Originally posted by A Guy:
    Microsoft Security Advisory: Vulnerability in Microsoft graphics component could allow remote code execution

    Warning
    The Fix it solution described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios.


    https://support.microsoft.com/kb/2896666

    A Guy
    Quote from Computerworld article:

    In an email received from a company spokesperson, Microsoft set the record straight, saying that the vulnerable scenarios are: Office 2003 and Office 2007 on all platforms; Office 2010 on XP and Server 2003 only; and all supported versions of Lync.
    Jim
