Microsoft is urging customers to protect themselves from a newly discovered vulnerability that allows hackers to take control of a victim’s computer remotely through a sophisticated zero-day attack infecting Windows machines.
Dustin Childs, the group manager of Microsoft’s Response Communications team, announced on Tuesday that the company was aware of an issue affecting computers running the Windows 7, Windows Vista, and Windows XP operating systems and several versions of Microsoft Office. The issue could let a malicious hacker take control of a target’s machine simply by tricking the victim’s computer into attempting to render a .TIFF image.
According to Childs, computers are being compromised when victims are tricked into opening emails that include “special crafted” Microsoft Word document attachments. These attachments contain code that lets the hackers exploit the vulnerability using a malformed graphics image embedded in the file itself.
If the attack is executed correctly, the vulnerability allows a hacker to gain the same privileges as the computer’s legitimate user at the time of attack, meaning a malicious actor could gain access to any files and documents used by a victim who is tricked into opening the Word document. Larry Seltzer with ZDNet wrote that the attack takes advantage of a bug in the way some TIFF files are handled, resulting “in memory corruption which may be exploited by the attacker to take control of execution.”
So far Microsoft hasn’t released a number for how many computers have been compromised, but machines running Microsoft Office 2003, 2007 and some installations of the 2010 version are all vulnerable to attack. That isn’t to say that everyone with a Windows computer should consider themselves a target, however, as Microsoft has suggested that hackers are exploiting the vulnerability in only certain locales. According to Jaime Blasco, the head of AlienVault Labs security company, documentation the firm has uncovered pertaining to infected computers suggests the command-and-control machine used to mastermind the attacks is targeting computers with IP addresses in Pakistan, including the country’s intelligence agency and military.