Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution

ITS Advisory Number: 
2013-104b
Date(s) Issued: 
Wednesday, November 6, 2013
Date Updated: 
Tuesday, December 10, 2013
Subject: 
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
Overview: 

ORIGINAL OVERVIEW:
A vulnerability has been identified in a Microsoft graphics component (the GDI+ library's handling of TIFF images) that affects Microsoft Windows, Microsoft Office and Microsoft Lync. Microsoft Windows is a family of operating systems. Microsoft Office is a suite of applications, servers and services for both Microsoft Windows and OS X. Microsoft Lync is an instant messaging and unified communications client, the successor to Office Communicator. The vulnerability could allow remote code execution if a user opens a specially crafted file (for example an Office document or e-mail attachment containing a malicious TIFF image) or visits a specially crafted webpage. At the time of this advisory Microsoft reported limited, targeted attacks exploiting the vulnerability through Word documents (see the Microsoft SRD blog and ISC references below). Successful exploitation would give the attacker the same user rights as the logged-on user. Depending on the privileges associated with that user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

December 10, 2013 - UPDATED OVERVIEW:
Microsoft has released a patch for this vulnerability in Microsoft Security Bulletin MS13-096.

Systems Affected: 
  • Microsoft Windows Vista
  • Microsoft Windows Server 2008
  • Microsoft Office 2003 through 2010
  • Microsoft Lync 2010 and 2013
Risk:
  Government:
  • Large and medium government entities: High
  • Small government entities: High
  Business:
  • Large and medium business entities: High
  • Small business entities: High
  Home users: High
Description: 

ORIGINAL DESCRIPTION:
The vulnerability is a memory-corruption flaw in the way the affected graphics component parses specially crafted TIFF images, and it allows remote code execution. An attacker could exploit it by convincing a user to preview or open a specially crafted e-mail message, open a specially crafted file (such as a Word document with an embedded malicious TIFF image), or browse to a specially crafted webpage. No user interaction beyond opening the content is required.

Successful exploitation could result in the attacker gaining the same user rights as the current user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

December 10, 2013 - UPDATED DESCRIPTION:
Microsoft has released a patch for this vulnerability in Microsoft Security Bulletin MS13-096. Note that the registry-based workaround below continues to block TIFF rendering until it is reverted, so organizations that deployed it should undo it once the update is installed.
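The description above identifies the delivery vector: a malicious TIFF image carried inside an Office document or e-mail. As an added triage aid that is not part of this advisory or of Microsoft's guidance, the following Python script reports embedded TIFF data in suspect documents. It inspects each member of OOXML zip containers (.docx/.xlsx/.pptx, where images live under word/media/ and similar paths), falls back to a raw signature search for other files (legacy binary .doc, .rtf, .eml), and parses the TIFF header to flag images whose first-IFD pointer does not land inside the data. The documents it builds (minimal_tiff, build_sample_docx) are constructed samples containing no exploit, and all function names are the example's own.

```python
"""Added triage example (not part of the advisory): find embedded TIFF images in
Office documents and parse their headers.  Sample inputs are constructed."""
from __future__ import annotations

import io
import struct
import sys
import zipfile
from pathlib import Path

# A TIFF starts with a byte-order mark ("II" little-endian or "MM" big-endian)
# followed by the 16-bit magic number 42, then a 32-bit offset to the first IFD.
TIFF_MAGICS = (b"II*\x00", b"MM\x00*")


def find_tiff_offsets(blob: bytes) -> list[int]:
    """Return every offset in blob where a TIFF header signature begins."""
    hits = []
    for magic in TIFF_MAGICS:
        start = 0
        while (idx := blob.find(magic, start)) >= 0:
            hits.append(idx)
            start = idx + 1
    return sorted(hits)


def parse_tiff_header(tiff: bytes) -> dict:
    """Parse the 8-byte TIFF header and count the entries of the first IFD.
    'malformed' is set when the IFD pointer does not land inside the data,
    a cheap sanity check on an image a parser would otherwise trust."""
    if tiff[:4] not in TIFF_MAGICS:
        raise ValueError("data does not start with a TIFF header")
    endian = "<" if tiff[:2] == b"II" else ">"
    ifd_offset = struct.unpack(endian + "I", tiff[4:8])[0]
    info = {"byte_order": tiff[:2].decode("ascii"), "ifd_offset": ifd_offset,
            "entries": None, "malformed": False}
    # The first IFD must follow the header and its 2-byte entry count must fit.
    if ifd_offset < 8 or ifd_offset + 2 > len(tiff):
        info["malformed"] = True
        return info
    info["entries"] = struct.unpack(endian + "H", tiff[ifd_offset:ifd_offset + 2])[0]
    return info


def _finding(location: str, blob: bytes, offset: int) -> dict:
    return {"location": location, "offset": offset,
            "header": parse_tiff_header(blob[offset:])}


def scan_document(data: bytes) -> list[dict]:
    """Report embedded TIFF data in one document.
    OOXML files (.docx/.xlsx/.pptx) are zip containers, so each member is
    scanned separately; anything else (legacy binary .doc, .rtf, .eml) is
    searched as a raw byte stream."""
    findings: list[dict] = []
    if data[:2] == b"PK":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for name in zf.namelist():
                    member = zf.read(name)
                    for off in find_tiff_offsets(member):
                        findings.append(_finding(f"zip member {name}", member, off))
            return findings
        except zipfile.BadZipFile:
            pass  # not a real zip: fall through to the raw scan
    for off in find_tiff_offsets(data):
        findings.append(_finding("raw file", data, off))
    return findings


def scan_paths(paths) -> dict[str, list[dict]]:
    """Scan each file path; returns only the files in which TIFF data was found."""
    results = {}
    for p in map(Path, paths):
        if p.is_file():
            found = scan_document(p.read_bytes())
            if found:
                results[str(p)] = found
    return results


def minimal_tiff(ifd_offset: int = 8) -> bytes:
    """Constructed sample: a little-endian TIFF with one IFD holding one entry.
    A bogus ifd_offset yields a header the parser should flag as malformed."""
    header = b"II*\x00" + struct.pack("<I", ifd_offset)
    ifd = struct.pack("<H", 1) + b"\x00" * 12 + struct.pack("<I", 0)
    return header + ifd


def build_sample_docx() -> bytes:
    """Constructed sample: a skeleton OOXML container carrying a TIFF under word/media.
    It is not a real exploit document, just the shape a scanner must handle."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/media/image1.tiff", minimal_tiff())
    return buf.getvalue()


if __name__ == "__main__":
    targets = sys.argv[1:]
    if not targets:  # no paths given: demonstrate on the constructed sample
        for f in scan_document(build_sample_docx()):
            print(f)
    else:
        for path, found in scan_paths(targets).items():
            for f in found:
                print(path, f)
```

Run it with one or more document paths to list every file carrying TIFF data, or with no arguments to see the output for the constructed sample. The presence of a TIFF in an Office document is a triage signal rather than proof of compromise, and the header check only catches crude corruption; flagged files should be examined further before being opened on an unpatched system.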

Actions: 
  • Consider implementing the workaround provided by Microsoft (https://support.microsoft.com/kb/2896666), which disables the GDI+ TIFF codec by setting the registry value DisableTIFFCodec to 1 under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus. This prevents the affected applications from rendering any TIFF image until the value is removed, so test it against business processes that depend on TIFF (for example fax or document-imaging workflows). Microsoft's advisory also recommends deploying the Enhanced Mitigation Experience Toolkit (EMET) for the affected applications.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Remind users not to open e-mail attachments from unknown users or suspicious e-mails from trusted sources.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.
References: 
Microsoft:
https://support.microsoft.com/kb/2896666
http://technet.microsoft.com/en-us/security/advisory/2896666
http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx
https://isc.sans.edu/forums/diary/TIFF+images+in+MS-Office+documents+used+in+targeted+attacks/16964
December 10, 2013 - UPDATED REFERENCES:
Microsoft:
https://technet.microsoft.com/en-us/security/bulletin/ms13-096
CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3906