SophosLabs today raised the Threat Level to “High Risk,” due to a vulnerability in the Microsoft Graphics component that could allow remote code execution. The flaw affects Microsoft Windows, Microsoft Office, and Microsoft Lync.
Our High Risk designation means there is a strong possibility of this vulnerability being actively exploited by malware.
According to SophosLabs, Microsoft has yet to release a patch to fix this vulnerability. In the meantime, we recommend running the FixIt tool provided by Microsoft to block the vulnerability until a patch is released.
Microsoft said it is aware of targeted attacks using specially crafted TIFF images that can exploit this vulnerability in Microsoft Office and compromise the system. SophosLabs has not seen any samples in the wild exploiting this vulnerability. Read the SophosLabs advisory here.
To stay on top of advisories like this one, join the Sophos FreeTalk Threat Awareness forum and follow our Support teams on Twitter.
Stay connected with SophosLabs on Twitter and on YouTube. Read up on the latest breaking news from our experts at Naked Security.
And visit our Threat Dashboard for more information on the threats we’re tracking.
Leave a Reply