ActionFraud - National Fraud & Cyber Crime Reporting Centre - Call 0300 123 2040

Microsoft warns users of security hole

Microsoft has warned that hackers could exploit a "vulnerability" in specific versions of Windows to gain user rights to the affected computers.


The newly disclosed security hole, CVE-2013-3906, could let hackers gain control of your computer through infected TIFF image files. Just by opening a malicious TIFF image file, you could allow malware to be silently installed onto your computer.

Microsoft said that in a web-based attack scenario, a hacker could host a specially made website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker could not force you to view this website and would have to rely on you clicking a link in an email or Instant Messenger message that takes you to the attacker's website, or on you opening an attachment sent through email.

The security issue only affects Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003 - 2010, and Microsoft Lync. Recent versions of Microsoft Windows and Office are safe from the vulnerability.

Microsoft said it is investigating the vulnerability and will be releasing a full patch to fix it soon. In the meantime, it has published a Fix it tool that will render your computer immune to this particular attack.

To avoid falling victim to this vulnerability:

  • Check if your software is affected by visiting Microsoft’s website.
  • Install Microsoft’s Fix it tool to protect your computer.
  • Always use legitimate antivirus software and keep it up to date: installing reputable antivirus software is one of the most effective ways to protect yourself from malware.
  • Do not click on any suspicious links in emails or download unsolicited attachments.

For further information please visit the Microsoft website.

Please note that Action Fraud is not responsible for the content of external websites.

To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.
