Microsoft Security Advisory 2896666 with Fix it


Microsoft released Security Advisory 2896666 which relates to a vulnerability in the Microsoft Graphics component that affects Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync.

Microsoft is aware of targeted attacks primarily in the Middle East and South Asia that attempt to exploit this vulnerability in Microsoft Office products.

References and the Fix it to disable the TIFF codec are available in my blog post at Microsoft Security Advisory 2896666 with Fix it.
The issues in Security Advisory 2896666 will not be included in the scheduled updates for November. Although Microsoft is only aware of targeted attacks against Office 2007 on Windows XP, the following additional guidance was provided regarding the affected installations by Dustin Childs in the below-linked MSRC post:

"For Office:

Office 2003 and Office 2007 are affected regardless of the installed operating system. Currently, we are only aware of targeted attacks against Office 2007 users.
Office 2010 is affected only if installed on Windows XP or Windows Server 2003. Office 2010 is not affected when installed on Windows Vista or newer systems.
Office 2013 is not affected, regardless of OS platform.

For Windows:

Supported versions of Windows Vista and Windows Server 2008 ship with the affected component but are not known to be under active attack.
Other versions of Windows are not directly impacted. Customers who use these systems are only impacted if they have an affected version of Office or Lync.

For Lync clients:

All supported versions of Lync client are affected but are not known to be under active attack."

Users of Windows Vista, Windows Server 2008, Lync or the above-described installations of Office are advised to enable the Fix it solution, available from my post here.

MSRC Blog Post: Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release
