On Tuesday, Microsoft warned that hackers are targeting Windows Vista and MS Office versions 2003 to 2010 to exploit a vulnerability that allows them to take control of the machine. Windows Server 2008 is also vulnerable. The attackers are sending fake e-mail notifications, a phishing attack, to all users with a Word file attached. When users open or even try to preview the file, it instantly infects the computer through a malformed graphical image embedded in the document.
This is about as bad a vulnerability as there can be, because the attacker is granted the same user privileges as the user who is currently logged on. The door is then opened to download and install whatever nefarious files the attacker has planned. Microsoft claims that users in the Middle East and South Asia have been the most affected so far. Microsoft has already released a Microsoft Fix It solution for its users. The exploit used in this attack targets the TIFF file codec, said to be the root of the problem. Microsoft has suggested that using the Mitigation Experience Toolkit will defend users against other malware intrusions and stop this threat. Comodo antivirus users are protected from this type of attack because any malware downloaded by the attacker will be removed or sandboxed.