Microsoft server products affected by TIFF vulnerability
Exchange and Lync, plus other Microsoft products. (Click here for a full list: https://technet.microsoft.com/en-us/security/advisory/2896666)
Microsoft has identified a “zero-day” vulnerability involving .TIFF files. This means that neither Microsoft nor the antivirus companies have been able to develop tools to address this vulnerability. Because this is a zero-day vulnerability, the only way to protect yourself is to exercise extreme caution when opening .TIFF files, no matter how they reach you—whether via Exchange or Lync or through unknown websites. We advise all users to be very careful with .TIFF files. Anti-virus and firewall protection applications may not stop this threat. Do not open any files with a filename ending in .tiff – either through your personal mail or Exchangemail. There are a number of news articles discussing the specific details of the vulnerability. You can read them here: https://news.google.com/news?ncl=d-A1C6SaxJzq77M7R5cmrPtUUtToM&q=zero+day+microsoft&lr=English&hl=en
Here are some answers to questions you may have:
Q: Won’t Blue Net’s Mail Filter catch any viruses that are trying to get through?
A: No. The very definition of zero-day means that as of today, there are no signatures that let us detect any attachments containing malware. Your best defense is user awareness until Microsoft delivers a patch, and until signatures can be developed.
Q: Can I block .TIFF files from being delivered to my end users mailboxes?
A: Unfortunately, that functionality is not available.
Q: When is Microsoft anticipated to deliver a patch?
A: Microsoft has stated that it will “take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update”. Rest assured that we’ll apply the updates as soon as they’re made available to us.
From Wikipedia:
“A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on “day zero” of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability.” The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.