    Microsoft announced yesterday that an unpatched vulnerability was reportedly being exploited in targeted attacks in certain countries. The exploit takes advantage of a previously unknown vulnerability in Microsoft Office 2003, 2007 and 2010 and in Windows XP and Server 2003.

    The vulnerability (CVE-2013-3906) stems from how older versions of Office and Windows graphics components process TIFF images. A common way to exploit it is to embed a malicious TIFF file in a DOC file. Using clever social engineering tactics, an attacker can persuade users to open an email with a malicious attachment or visit a site hosting the exploit. Once the user does so, the attacker gains the same privileges as the logged-in user. Fortunately, user accounts configured with limited rights are less affected.

    There are two important points to consider. First, this zero-day attack was initially seen in certain regions, particularly the Middle East and South Asia. However, it’s only a matter of time before the attack reaches other countries. It is important for users and organizations to understand the basics of social engineering and how threat actors can incorporate it in their attacks. Organizations can always benefit from a well-conceived employee social engineering training program, which includes “social” penetration testing. For more information on how companies can protect their infrastructure from targeted attacks, you may refer here.

    Second, only older versions of the software are affected by this threat. This is not the first time older software versions have been susceptible to such attacks; one example is the Java 6 zero-day incident last August. Fortunately, in this case, patches will still be made available, but in the long run, running older software remains a potential risk. Users and system administrators should consider the security benefits of keeping their software up to date.

    Microsoft has released a Fix-it Tool to temporarily address the issue. Trend Micro Deep Security also protects users from this threat via the following rules:

    • 1005764 – Microsoft Graphics Component Remote Code Execution Vulnerability (CVE-2013-3906)
    • 1005765 – Identified Microsoft Office File With Embedded TIFF File

    We have blocked several websites related to this attack and obtained several samples of this exploit. We detect these as TROJ_ACTIFF.A and TROJ_ACTIFF.B. We are actively monitoring this threat and will update this post with further information as necessary.
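
    A triage heuristic in the spirit of the embedded-TIFF check named above, as an added example (not Trend Micro's rule logic or code from the original post): it reports TIFF headers found inside a legacy OLE2 document or an OOXML package. The function names and the sample document are constructed for illustration; a hit only means the file deserves a closer look, since TIFF images are legitimate in Office documents.

```python
import io
import struct
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls/.ppt container
TIFF_MAGICS = (b"II*\x00", b"MM\x00*")            # little- and big-endian TIFF

def tiff_header_ok(head, remaining):
    """Magic plus a first-IFD offset that lands inside the data (cuts false hits)."""
    if len(head) < 8 or head[:4] not in TIFF_MAGICS:
        return False
    fmt = "<I" if head[:2] == b"II" else ">I"
    (ifd_off,) = struct.unpack(fmt, head[4:8])
    return 8 <= ifd_off < remaining

def find_embedded_tiffs(data):
    """Return locations of TIFF headers inside an Office document, [] if none."""
    hits = []
    if data.startswith(OLE2_MAGIC):
        # Raw byte scan: OLE2 streams can be fragmented, so this is a heuristic.
        for magic in TIFF_MAGICS:
            pos = data.find(magic, len(OLE2_MAGIC))
            while pos != -1:
                if tiff_header_ok(data[pos:pos + 8], len(data) - pos):
                    hits.append(f"ole2-offset-{pos}")
                pos = data.find(magic, pos + 1)
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if "[Content_Types].xml" not in zf.namelist():
                return hits                      # a ZIP, but not an OOXML package
            for info in zf.infolist():
                with zf.open(info) as fh:        # read 8 bytes, never the whole member
                    if tiff_header_ok(fh.read(8), info.file_size):
                        hits.append(info.filename)
    return hits

def build_sample_docx(with_tiff):
    """Constructed sample: minimal OOXML-shaped ZIP, optionally with a TIFF member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_tiff:
            zf.writestr("word/media/image1.tiff",
                        b"II*\x00" + struct.pack("<I", 8) + b"\x00" * 16)
    return buf.getvalue()

if __name__ == "__main__":
    print(find_embedded_tiffs(build_sample_docx(True)))
```

    The OOXML branch only inspects the first bytes of each package member, so a TIFF nested inside another embedded object is not reported.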









    • Youssef J.

      Companies who have IDF (Intrusion Defense Firewall) deployed are also protected with these rules:

      IDF Rule #1005764
      Microsoft Graphics Component Remote Code Execution Vulnerability (CVE-2013-3906)

      IDF Rule #1005765
      Identified Microsoft Office File With Embedded TIFF File

    • Youssef J.

      Companies who have IDF (Intrusion Defense Firewall) deployed are also protected with rules:

      1005764 – Microsoft Graphics Component Remote Code Execution Vulnerability (CVE-2013-3906)
      1005765 – Identified Microsoft Office File With Embedded TIFF File



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice