November 08, 2013 | Other

A Fatal Vulnerability in Windows and Office

Microsoft is currently warning users about a new fatal vulnerability in Windows Vista, Server 2008 and Office 2003 to 2010. The vulnerability is tracked and described under the identifier "CVE-2013-3906".

More security for Office Word

Set the Active-X configuration as shown above.


The vulnerability allows images that carry malicious code to gain access to your system. Microsoft has recorded this problem in the CVE (Common Vulnerabilities and Exposures) database.

So far, AV-TEST has identified and analysed a total of eight different malicious DOCX files where this vulnerability is concerned. The following manufacturers have already updated their anti-virus products with a (static) signature in order to protect systems against these malicious files:

Status 11.11.2013, 09:30 UTC

| Manufacturer | Signature |
|---|---|
| Ahnlab | Exploit/Cve-2013-3906 |
| Avast | TIFF:CVE-2013-3906 [Expl] |
| AVG | Exploit_c.YWS, Exploit_c.YWT |
| Avira | EXP/CVE-2013-3906, EXP/CVE-2013-3906.A |
| Bitdefender | Exploit.CVE-2013-3906.Gen |
| Commtouch / F-Prot | CVE133906 |
| Dr.Web | Exploit.CVE2013-3906.1, Exploit.CVE2013-3906.2 |
| ESET Nod32 | Win32/Exploit.CVE-2013-3906.A trojan |
| Fortinet | W32/DocDrop.AP!tr, W32/MSOffice_CVE_2013_3906.A!exploit |
| F-Secure | Exploit.CVE-2013-3906.Gen |
| G Data | Exploit.CVE-2013-3906.Gen |
| Kaspersky | Exploit.MSOffice.CVE-2013-3906.a, Exploit.OLE2.CVE-2012-1856.b |
| McAfee | Exploit-CVE2013-3906 (trojan), Exploit-FMC!DE64624613FD (trojan) |
| Microsoft | Exploit:Win32/CVE-2013-3906 |
| Norman | Shellcode.B, Shellcode.D |
| Norton / Symantec | Trojan.Hantiff, Trojan.Mdropper |
| Sophos | Troj/DocDrop-AP |
| ThreatTrack | Exploit.TIFF.CVE-2013-3906 (v) |

Please note: Products/Manufacturers that are not listed above have either not yet been tested, not yet released an update or are not yet able to protect systems against all known attacks. We plan to update the overview provided above from time to time. In the meantime, we strongly recommend that you follow the recommendations published by Microsoft until a complete security update has been released. The following blog contains a description from Microsoft as to how you can quickly protect your system without an official update:

blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx

Tips for More Security

The simplest tip from Microsoft for securing your operating system is a quick change in the Windows registry that restricts the display of TIFF files:
1. Open the registry editor via "Start, Run", type in "regedit" and press "Enter"
2. Open the entry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus\DisableTIFFCodec = 0
3. Double-click the entry and change the value from "0" to "1"
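
The same registry change as a script, for checking or applying the setting on several machines. This is an added example, not part of the original article or of Microsoft's guidance. It assumes an elevated PowerShell prompt; the `-Apply` switch and the function names are this example's own, and it creates the key or value if they are not present yet.

```powershell
# Added example: audit, and optionally apply, the DisableTIFFCodec setting
# described in the steps above. Run from an elevated PowerShell prompt.
# -Apply is a switch defined by this example script, not a Windows option.
param([switch]$Apply)

$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Gdiplus'   # key named in step 2
$ValueName = 'DisableTIFFCodec'

function Get-TiffCodecState {
    # Returns 'Missing' when the key or the value is absent, otherwise the stored value.
    if (-not (Test-Path -Path $KeyPath)) { return 'Missing' }
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Missing' }
    return $item.$ValueName
}

function Set-TiffCodecDisabled {
    # Create the key if needed, then write the DWORD value 1 (step 3).
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
}

$before = Get-TiffCodecState
Write-Output "Before: $ValueName = $before"

if ($before -ne 1) {
    if ($Apply) {
        Set-TiffCodecDisabled
        # Read the value back instead of trusting the write.
        $after = Get-TiffCodecState
        Write-Output "After:  $ValueName = $after"
        if ($after -ne 1) {
            Write-Error 'Value was not written; check that the prompt is elevated.'
            exit 1
        }
    } else {
        Write-Output 'TIFF display is not restricted. Re-run with -Apply to set the value to 1.'
        exit 2
    }
} else {
    Write-Output 'TIFF display is already restricted.'
}
```

Without `-Apply` the script only reports the current state and exits with code 2 when the value is not 1, which makes it usable as a compliance check.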

Changing Your Office Word Settings as a Preventive Measure

Instructions as to how to improve the security of Office Word can be found here:

blogs.technet.com/b/srd/archive/2009/03/03/behavior-of-activex-controls-embedded-in-office-documents.aspx

Other helpful links include:
http://www.alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets

www.cve.mitre.org/cgi-bin/cvename.cgi
