
Forum Thread: Is this Microsoft alert a new one?


This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
taffy078 Is this Microsoft alert a new one?
Contributor 6th Nov, 2013 07:11
Ranking: 408
Posts: 1,340
User Since: 26th Feb, 2009
System Score: 100%
Location: UK
or is the reporter rehashing old news?

http://www.bbc.co.uk/news/technology-24814999


--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003

mogs RE: Is this Microsoft alert a new one?
Expert Contributor 6th Nov, 2013 08:40
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 6th Nov, 2013 08:59
@taffy078

Morning !! It's a new one.....found more on it here :-
http://news.softpedia.com/news/Microsoft-Finds-Maj...

November 6th, 2013, 06:24 GMT · By Bogdan Popa
Microsoft Finds Major Security Flaw in Windows Vista, Office 2010

Microsoft has released a new advisory this morning to inform users about a security flaw it found in several products that would allow an attacker to get the same rights as the logged-on user.

The company says that the flaw exists in Windows Vista, Windows Server 2008, Microsoft Office 2003 through 2010 and Microsoft Lync, and relies on a specially crafted Word attachment delivered by email.

“The exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment. If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document. An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user,” Microsoft said in a statement.

At the same time, Redmond has also confirmed that several targeted attacks have been recorded in the Middle East and South Asia, with the current versions of Windows and Office not affected by the issue.

At this point, Microsoft is still working on a patch, but the company rolled out a Fix it solution that disables the TIFF codec and prevents exploitation of the bug.







--
Was this reply relevant?
+1
-0
Maurice Joyce RE: Is this Microsoft alert a new one?
Handling Contributor 6th Nov, 2013 09:19
Score: 11786
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 6th Nov, 2013 13:45
Microsoft have released the detail:

https://technet.microsoft.com/en-us/security/advis...

Just sign up for their notifications & you will get the information direct from the "horse's mouth".

EDIT

Secunia have now issued an SA.

http://secunia.com/advisories/55584/

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
mogs RE: Is this Microsoft alert a new one?
Expert Contributor 6th Nov, 2013 14:02
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@taffy

There's another article appeared here:-
NOVEMBER 06, 2013
Deciphering Microsoft Security Advisory 2896666 on Word zero-day exploit
Here's the straight story on Microsoft's uninformative, poorly worded security advisory about attacks delivered via a bug in the TIFF codec shipping with Office

By Woody Leonhard | InfoWorld
http://www.infoworld.com/t/office-software/deciphe...

Bottom line !
So it's a safe bet that unless you're running a highly sensitive computer in the Middle East or South Asia, you aren't likely to encounter the problem. Yet.

Regards.....mogs.......


--
Was this reply relevant?
+0
-0
taffy078 RE: Is this Microsoft alert a new one?
Contributor 6th Nov, 2013 18:32
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Thanks Mogs, Maurice.

Maurice - I thought that I was signed up - in fact I know that I was but it looks like I've fallen off their database.

I've just tried to sign up again but there's a problem - they recognise me from my old 'Live' sign-in so to sign up again I've got to go through Live and set up a dummy account to get up-to-date news. They really are a shambles at the moment!

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
Maurice Joyce RE: Is this Microsoft alert a new one?
Handling Contributor 6th Nov, 2013 19:23
Score: 11786
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
If you do not close "Live" accounts correctly there could be issues. I visit many who have the same type of problem - once they pay my call out fee I will do it for them & set up a new account!!

If you are adamant the Microsoft system does not work you should contact Support outlining how you closed your old account with the confirmation details they sent you & screen shots of your attempts to create a new account.

What is stopping you signing in to the old account?



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0



© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144