Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Vulnerability in Microsoft Graphics Component Could Allow Remote Code

05 Nov 2013   #1
Microsoft MVP

64-bit Windows 8.1 Enterprise
 
 
Vulnerability in Microsoft Graphics Component Could Allow Remote Code

Quote:
General Information

Executive Summary

Microsoft is investigating private reports of a vulnerability in the Microsoft Graphics component that affects Microsoft Windows, Microsoft Office, and Microsoft Lync. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Microsoft Office products.

The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Mitigating Factors:
  • An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.
Recommendation. Please see the Suggested Actions section of this advisory for more information.
Source: Microsoft Security Advisory (2896666): Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution

My System SpecsSystem Spec
.

06 Nov 2013   #2

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

Microsoft Security Advisory: Vulnerability in Microsoft graphics component could allow remote code execution

warning   Warning
The Fix it solution described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios.


https://support.microsoft.com/kb/2896666

A Guy
My System SpecsSystem Spec
06 Nov 2013   #3
NoN

Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
 
 

Patched Windows Vista Service Pack 2 yesterday....
Quote:
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.
It doesn't affect windows 7 but tend to tell us that web browsing is not that safer!
My System SpecsSystem Spec
.


Reply

 Vulnerability in Microsoft Graphics Component Could Allow Remote Code




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 03:49 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33