A Fatal Vulnerability in Windows and Office
Microsoft is currently warning users about a new fatal vulnerability in Windows Vista, Server 2008 and Office 2003 to 2010. The vulnerability is tracked under the identifier "CVE-2013-3906".
The vulnerability allows images carrying malicious code to gain access to your system. Microsoft has recorded this problem in the CVE (Common Vulnerabilities and Exposures) database.
So far, AV-TEST has identified and analysed a total of eight different malicious DOCX files that target this vulnerability. The following manufacturers have already updated their anti-virus products with a (static) signature in order to protect systems against these malicious files:
Status 11.11.2013, 09:30 UTC
Manufacturer | Signature |
---|---|
Ahnlab | Exploit/Cve-2013-3906 |
Avast | TIFF:CVE-2013-3906 [Expl] |
AVG | Exploit_c.YWS, Exploit_c.YWT |
Avira | EXP/CVE-2013-3906, EXP/CVE-2013-3906.A |
Bitdefender | Exploit.CVE-2013-3906.Gen |
Commtouch / F-Prot | CVE133906 |
Dr.Web | Exploit.CVE2013-3906.1, Exploit.CVE2013-3906.2 |
ESET Nod32 | Win32/Exploit.CVE-2013-3906.A trojan |
Fortinet | W32/DocDrop.AP!tr, W32/MSOffice_CVE_2013_3906.A!exploit |
F-Secure | Exploit.CVE-2013-3906.Gen |
G Data | Exploit.CVE-2013-3906.Gen |
Kaspersky | Exploit.MSOffice.CVE-2013-3906.a, Exploit.OLE2.CVE-2012-1856.b |
McAfee | Exploit-CVE2013-3906 (trojan), Exploit-FMC!DE64624613FD (trojan) |
Microsoft | Exploit:Win32/CVE-2013-3906 |
Norman | Shellcode.B, Shellcode.D |
Norton / Symantec | Trojan.Hantiff, Trojan.Mdropper |
Sophos | Troj/DocDrop-AP |
ThreatTrack | Exploit.TIFF.CVE-2013-3906 (v) |
Please note: Products/Manufacturers that are not listed above have either not yet been tested, not yet released an update or are not yet able to protect systems against all known attacks. We plan to update the overview provided above from time to time. In the meantime, we strongly recommend that you follow the recommendations published by Microsoft until a complete security update has been released. The following blog contains a description from Microsoft as to how you can quickly protect your system without an official update:
Tips for More Security
The simplest tip provided by Microsoft for securing your operating system is a quick change in the Windows registry that restricts the display of TIFF files:
1. Open the registry editor via "Start, Run", type in "regedit" and press "Enter"
2. Open the entry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus\DisableTIFFCodec = 0
3. Double-click the entry and change the value from "0" to "1"
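The three steps above as a PowerShell script, an added example that is not from AV-TEST or Microsoft: it reports the current state of the value and, when called with `-Apply`, sets it to 1 and reads it back. The `-Apply` switch and the function name are hypothetical, and creating the key or value when it is absent is an assumption covering machines where the entry does not exist yet.

```powershell
# Added example: audit and apply the DisableTIFFCodec registry change described above.
# Run from an elevated prompt; writing under HKEY_LOCAL_MACHINE needs administrator rights.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Gdiplus'
$ValueName = 'DisableTIFFCodec'

function Get-TiffCodecState {
    # Returns 'Missing' when the key or the value is absent, otherwise the stored number.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Missing' }
    return $item.$ValueName
}

$before = Get-TiffCodecState
Write-Output "Current $ValueName state: $before"

if ($before -eq 1) {
    Write-Output 'Value is already 1; nothing to do.'
    return
}
if (-not $Apply) {
    Write-Output 'Value is not 1. Re-run with -Apply to change it.'
    return
}

# Assumption: the key may not exist on a machine where the value was never set.
if (-not (Test-Path -Path $KeyPath)) {
    if ($PSCmdlet.ShouldProcess($KeyPath, 'Create registry key')) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
}
if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Set DWORD to 1')) {
    # -Force creates the value or overwrites an existing one.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
}
if ($WhatIfPreference) { return }   # nothing was written, so there is nothing to verify

# Read the value back so a failed write (for example, no elevation) is reported.
$after = Get-TiffCodecState
if ($after -eq 1) {
    Write-Output "Verified: $ValueName = 1."
} else {
    Write-Error "Verification failed: $ValueName is '$after'."
}
```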
Changing Your Office Word Settings as a Preventive Measure
Instructions as to how to improve the security of Office Word can be found here:
Other helpful links include:
http://www.alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets