MS warns about the use of CVE-2013-3906 in-the-wild

The company's specialists report that attackers actively exploit Remote Code Execution (RCE) vulnerability CVE-2013-3906 in the OS (Windows Vista SP2 and Windows Server 2008 SP2), Office (2003-2007-2010) and the Microsoft Lync program. The vulnerability is related to incorrect processing of TIFF image files by various OS components and company products. Through a specially crafted TIFF file, an attacker can trigger remote code execution. The file can be delivered via e-mail or a malicious web page. When opening such content on a vulnerable system, attackers can install malicious code into the user's system with obtaining the rights of the current account.







A complete list of vulnerable software is available here .

')

Microsoft Advisor for Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, released today. We are aware of targeted attacks, largely in the Middle East and South Asia. This is the latest version of Microsoft Windows. It was a crafted Word attachment.

The company recommends using the following recommendations before the release of security fix.

• Use the Fix it tool, which is available at this link and disables the codec for playing TIFF files for the OS and the corresponding installed products. Please note that this can be done manually using the modification of the registry value and detailed instructions in the Suggested Actions -> Workarounds section.
• Use the EMET tool. The latest version of which (EMET v4) already contains all the recommended settings in the active state after installation (the running applications are already included in the list of monitored). The following EMET options are used to mitigate exploit actions: StackPointer, Caller, SimExec, MemProt.