Microsoft warns of new virus taking over Windows computers
Microsoft is urging customers to protect themselves from a newly discovered vulnerability that allows hackers to take control of a victim’s computer remotely through a sophisticated zero-day attack infecting Windows machines.
Dustin Childs, the group manager of Microsoft’s Response Communications team, announced on Tuesday that the company was aware of an issue affecting computers running the Windows Vista operating system and several versions of Microsoft Office, the likes of which could let a malicious hacker take control of a target’s machine simply by tricking the victims’ computer into attempting to render a .TIFF image.
According to Childs, computers are being compromised when victims are tricked into opening emails that include “special crafted” Microsoft Word document attachments that contain coding that lets the hackers exploit a vulnerability using a malformed graphics image embedded in the file itself.
If the attack is executed correctly, the vulnerability allows a hacker to gain the same privileges of the computer’s legitimate user at the time of attack, meaning a malicious actor could gain access to any files and documents used by a victim that’s tricked into opening the Word document. Larry Seltzer with ZDNet wrote that the attack takes advantage of a bug in the way some TIFF files are handled, resulting “in memory corruption which may be exploited by the attacker to take control of execution.”