SophosLabs today raised the Threat Level to “High Risk,” due to a vulnerability in the Microsoft Graphics component that could allow remote code execution. The flaw affects Microsoft Windows, Microsoft Office, and Microsoft Lync.
Our High Risk designation means there is a strong possibility of this vulnerability being actively exploited by malware.
According to SophosLabs, Microsoft has yet to release a patch to fix this vulnerability. In the meantime, we recommend running the FixIt tool provided by Microsoft to block the vulnerability until a patch is released.
Microsoft said it is aware of targeted attacks using specially crafted TIFF images that can exploit this vulnerability in Microsoft Office and compromise the system. SophosLabs has not seen any samples in the wild exploiting this vulnerability. Read the SophosLabs advisory here.
And visit our Threat Dashboard for more information on the threats we’re tracking.