There is a new security warning out from Microsoft. This warning relates to a security flaw in the operating system Windows Vista as well as Microsoft Office 2003, 2007, 2010, Windows Server 2008 and Microsoft Lync.
The good news is that the exploit does require action on the part of the user to work. The exploit works by disguising it's self as an altered .tiff file in an attachment. Usually the attachment will take the form of a .doc (Word attachment). The document will contain a .tiff file that contains the exploit. If a user views or previews the document then the exploit can become activated. The attacker may then be able to gain the user rights and privileges of the logged in user and can execute code remotely. Microsoft also states that websites may also be a host for the exploit.
Unfortunately there's no patch for this vulnerability yet. Nor is there any firm time frame from Microsoft for a patch to be released. There are however several things users can do to stay safe. As always, be careful about receiving emails with attachments, and take care with the websites that are visited. Use antivirus and anti-malware software and ensure this is kept up to date. A firewall will also help protect you from exploits such as this.
Microsoft has released a quick fix to prevent the exploit. If you are vulnerable you can download the "Disable the TIFF Codec" this will prevent the exploit from functioning. Users can also use the Enhanced Mitigation Experience Toolkit (EMET), this will mitigate the exploit and prevent it from functioning.
As with any security exploit, prevention is the best remedy! Practice safe computing practices and you will avoid the majority of exploits, viruses and malware! Have you been hit by this exploit? Share your experience in the comments!