Microsoft Warns of Zero-Day Attacks

wiredmikey writes "Microsoft released an advisory today warning users about a new zero-day under attack in targeted campaigns occurring in the Middle East and South Asia. According to Microsoft, the vulnerability resides in the Microsoft Graphics component and impacts certain versions of Windows, Microsoft Office and Lync. The problem exists in the way specially-crafted TIFF images are handled. To exploit the vulnerability, an attacker would have to convince a user to preview or open a specially-crafted email message, open a malicious file or browse malicious Web content. If exploited successfully, the vulnerability can be used to remotely execute code. The vulnerability affects Office 2003, 2007 and 2010 as well as Windows Server 2008 and Windows Vista. Right now, Microsoft Word documents are the current vector for attack."

Already there

[suso]

Don't they already put that warning on the box?

Translated summary

[Gravis Zero]

"Microsoft released an advisory today warning users about a new zero-day flaw that we'll fix when we damn well feel like it. The digital holy war is targeting the Middle East and South Asia. According to Microsoft, the vulnerability resides in the Microsoft Graphics component and impacts certain versions of Windows, Microsoft Office and Some Failed Skype Imitation. The problem exists in our poorly written TIFF reader. To exploit the vulnerability, an attacker will email you and when you open it, you are fucked. It will download and install malware and there is nothing you can do about it. The vulnerability affects those new versions of Office that we insisted you needed to upgrade to and Shoddy Server 2008 and Windows 7 - 1. Right now, opening a Microsoft Word document could ruin your week or your month."