Warning from Microsoft on hacker attacks

Thursday December 5, 2013 at 10:00am

A “vulnerability” in Microsoft’s operating system hit the headlines recently, providing a useful reminder for all users of the Microsoft platform to check their anti-virus and IT setup to minimise possible threats.

The warning from Microsoft was that hackers might be able to exploit a “vulnerability” in its operating system to gain unauthorised access to affected PCs, laptops and servers.

The attack arrives in the form of an email or web content which users are invited to open or preview. Microsoft provides a list of the products that are at risk on its website.

The problem, which centres on a graphic component associated with Tagged Image File Format (TIFF) files, requires user interaction, that is, opening or previewing the infected file. But how many times have you clicked on something without being 100% sure it was legitimate?

This kind of vulnerability falls outside of Microsoft’s monthly patch cycle, leaving users open to attack until these patches are rolled out. This is one problem, but the more serious one perhaps is that many users and companies, in my experience, do not enable automatic updates. This means that even when a problem is found and a patch issued, their PCs, laptops and servers remain vulnerable to attack.

The fix issued for the latest vulnerability is causing some problems in itself, especially for people working in the design sector (as it basically turns off TIFF file rendering), but this should not be used as a reason to turn off automatic updates!

I believe MS will issue a more user-friendly fix in time, and in any event some AV (anti-virus) applications will have blocked the various components of the TIFF zero-day attack.

So now is a good time to:

  • Disable attachments/image preview in your email application
  • Make sure your PCs are set up correctly to accept regular software patches and updates
  • Consider upgrading from older software versions such as MS Windows XP, which some companies are still clinging on to. Support for Windows XP will cease in April 2014 and no further patches will be issued, leaving the ageing OS even more open to attack from next May.

‘Patch management’ is an important part of Information Security, and ISO 27001:2013 can help implement controls to minimise such threats and vulnerabilities to your company assets.

Parker Management Consultants, 1st floor, Dominion Court, 43, Station Road, Solihull, B91 3RT