MS warns of operating CVE-2013-3906 in-the-wild

The company’s experts report that attackers are actively exploiting Remote Code Execution (RCE) vulnerability CVE-2013-3906 in OS (Windows Vista SP2 and Windows Server 2008 SP2), Office (2003-2007-2010) and Microsoft Lync. The vulnerability is associated with incorrect processing of TIFF image files by various OS components and company products. Through a specially crafted TIFF file, an attacker can provoke remote code execution. The file could be delivered via e-mail or a malicious web page. When opening such content on a vulnerable system, attackers can install malicious code into the user's system with obtaining the rights of the current account.



A complete list of vulnerable software is available here .

Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South Asia. The current versions of Microsoft Windows and Office are not affected by this issue. The exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment.

The company recommends using the following recommendations before the release of security fixes.

• Use the Fix it tool, which is available at this link and disables the playback codec for TIFF files for the OS and related installed products. Please note that this can be done manually using the modification of the registry value and detailed instructions in the Suggested Actions -> Workarounds section.
• Use the EMET tool . The latest version of which (EMET v4) already contains all the recommended settings in the active state after installation (operating applications are already included in the list of monitored). The following EMET options are used to mitigate the exploit: StackPointer, Caller, SimExec, MemProt.