FYI...
Clarification on Security Advisory 2896666 ...
- https://blogs.technet.com/b/msrc/arc...edirected=true
7 Nov 2013
___
Microsoft Security Advisory (2896666)
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2896666
5 Nov 2013 - "Microsoft is investigating private reports of a vulnerability in the Microsoft Graphics component that affects Microsoft Windows, Microsoft Office, and Microsoft Lync. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Microsoft Office products. The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images...
Workarounds: Disable the TIFF codec
Note See Microsoft Knowledge Base Article 2896666* to use the automated Microsoft Fix it solution..."
* https://support.microsoft.com/kb/2896666
Enable this Fix it - Microsoft Fix it 51004...
- https://support.microsoft.com/kb/2896666#appliesto
- http://blogs.technet.com/b/srd/archi...documents.aspx
5 Nov 2013 - "... Security Advisory 2896666 which includes a proactive Fix it workaround for blocking this attack..."
___
- https://secunia.com/advisories/55584/
Release Date: 2013-11-06
Criticality: Extremely Critical
Where: From remote
Impact: System access ...
... vulnerability is currently being actively exploited in targeted attacks.
Provided and/or discovered by: Reported as 0-day.
Original Advisory: Microsoft (KB2896666):
http://technet.microsoft.com/en-us/s...visory/2896666
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3906 - 9.3 (HIGH)
Last revised: 11/07/2013 - "... allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013"
0-Day Attack on Office...
- http://krebsonsecurity.com/2013/11/m...ack-on-office/
5 Nov 2013 - "... the exploit combines multiple techniques to bypass exploit mitigation techniques such as data execution prevention (DEP) and address space layout randomization (ASLR). The company says this exploit will -not- affect Office 2013, but will affect older versions such as Office 2003 and Office 2007..."
- http://blogs.technet.com/b/srd/archive/2013/11.aspx
Nov 5, 2013 - "... the exploit combines multiple techniques to bypass DEP and ASLR protections... Office 2010 uses the vulnerable graphic library, it is only affected only when running on older platforms such as Windows XP or Windows Server 2003, but it is -not- affected when running on newer Windows families (7, 8 and 8.1)..."