Microsoft has cautioned its consumers on vulnerabilities in some of its operating systems that could be used by hackers to obtain user rights.
Microsoft has cautioned its consumers on vulnerabilities in some of its operating systems that could be used by hackers to obtain user rights.
The arising problem affects Microsoft Windows Vista, Windows Server 2008, Microsoft Office -2010 and Microsoft Lync which centers on a graphics component.
Before taking appropriate action over the problem, which would be possibly providing a security update through the company’s monthly release process, customers are advised to apply workarounds.
To do this users set a configuration change that does not correct the underlying issue, but would help block attack vectors before a security update is available, Dustin Childs, communications manager, explains in a Microsoft blog post
The attacks are masked as an email requesting potential targets to open a specially crafted Word attachment, which attempts to exploit the issue using malformed graphics image embedded in the document. This will give the hacker same user rights as the logged on user.
It could be via a web-based attack in which an attacker could host a specifically crafted website that is designed to exploit this vulnerability to convince the user to view the website.
“Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an instant Messenger message that takes users to the attacker’s website.” said Childs.