Microsoft warns Windows users of zero-day danger from booby trapped image files

[seedy21]

Microsoft is warning about a brand new security hole in Windows that could let criminals get control of your computer through booby-trapped image files. The flaw, dubbed CVE-2013-3906, is described by Redmond's security experts as a "remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images."

In short: just opening a maliciously-tweaked TIFF image could lead to what's known as a drive-by download, or drive-by install, where malware is silently installed onto your computer without any warning message or "are you sure" dialog.

 

http://nakedsecurity.sophos.com/2013/11/06/microsoft-warns-windows-users-of-zero-day-danger-from-booby-trapped-image-files/

[KenB]

Thanks for posting this Seedy21.

 

It seems to me that Microsoft - by withdrawing support - are trying to force people to upgrade from a perfectly good OS.

 

Regarding this specific problem:

There are some steps that you can take as a precaution against it.

 

 

• Don't run as administrator all the time. That way, if you do get attacked, you limit the extent of your exposure.
  
• Be cautious of unsolicited attachments.
  
• Make sure your anti-virus is updating frequently and correctly to maximise your protection.
  
• Try out the Fix it unless you are certain in advance that it will get in the way.
  

( quoted from the article )

 

There is a "Fix-It"

click here

 

Also there is a registry tweek: ( set the following registry key as below )

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus\DisableTIFFCodec = 1