0-day hole found in MS, patch coming in Dec.
Posted by: Timothy Weaver on 11/11/2013 04:49 PM [ Comments ]
Both cybercrooks and cyberspies are running attacks on a recently disclosed flaw that is currently unpatched and will not be included in the upcoming Patch Tuesday.
Using a buggy Microsoft graphics component, Hackers have seized on the zero-day vulnerability to run attacks featuring malicious Word documents.
Microsoft issued a temporary workaround last week.
The vulnerability (CVE-2013-3906) involves the processing of TIFF graphics format files and is present in Microsoft Office 2003, 2007 and 2010 and some of the older Windows Operating Systems.
The good news is that Microsoft has already released a temporary Fix it that blocks the attack.
The fix will be released in the Dec. 10th patch Tuesday.
Microsoft issued a temporary workaround last week.
The vulnerability (CVE-2013-3906) involves the processing of TIFF graphics format files and is present in Microsoft Office 2003, 2007 and 2010 and some of the older Windows Operating Systems.
The good news is that Microsoft has already released a temporary Fix it that blocks the attack.
The fix will be released in the Dec. 10th patch Tuesday.
Comments