Summary of issue: TIFF attachments in Email or on Websites
Started at 11/05/2013 07:43 PM ET
Microsoft has identified a "zero-day" vulnerability involving .TIFF files. This means that neither Microsoft nor the antivirus companies have been able to develop tools to address this vulnerability. Because this is a zero-day vulnerability, the only way to protect yourself is to exercise extreme caution when opening .TIFF files, no matter how they reach you, whether via Exchange or Lync or through unknown websites.
Mile High Networks advises all its users to be very careful with .TIFF files. Anti-virus and firewall protection applications may not stop this threat. Do not open any files with a filename ending in .tiff – either through your personal mail or business mail.
There are a number of news articles discussing the specific details of the vulnerability. You can read them here: https://news.google.com/news?ncl=d-A1C6SaxJzq77M7R5cmrPtUUtToM&q=zero+day+microsoft&lr=English&hl=en
Here are some answers to questions you may have:
Q: Won't the email filter catch any viruses that are trying to get through?
A: No. The very definition of zero-day means that as of today, there are no signatures that let us detect any attachments containing malware. Your best defense is user awareness until Microsoft delivers a patch, and until signatures can be developed.
Q: Can I block .TIFF files from being delivered to my mailbox?
A: Some systems will allow you to block attachments with .tif or .tiff; however, this is not guaranteed to work, as the image may arrive embedded instead of attached.
Q: When is Microsoft anticipated to deliver a patch?
A: Microsoft has stated that it will "take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update". Rest assured that we'll apply the updates as soon as they're made available to us.
Technical Details:
From Wikipedia: "A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on 'day zero' of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability."
The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
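The answer on blocking attachments notes that filtering on .tif or .tiff is not guaranteed. The Python below is an added example, not part of the original advisory or of any Mile High Networks tooling: it checks every MIME part of a message for the TIFF file header as well as the file name and declared type, so an inline or renamed image is still flagged. The function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Classic TIFF headers: little-endian ("II") and big-endian ("MM") byte order.
TIFF_MAGIC = (b"II*\x00", b"MM\x00*")
TIFF_EXTENSIONS = (".tif", ".tiff")


def find_tiff_parts(raw_message: bytes):
    """Return (filename, content_type, reasons) for each MIME part that looks like a TIFF."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        reasons = []
        name = part.get_filename() or ""
        if name.lower().endswith(TIFF_EXTENSIONS):
            reasons.append("extension")
        if part.get_content_type() == "image/tiff":
            reasons.append("content-type")
        # Decode base64/quoted-printable, then look at the first bytes of the content.
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(TIFF_MAGIC):
            reasons.append("magic")
        if reasons:
            hits.append((name, part.get_content_type(), reasons))
    return hits


def build_sample() -> bytes:
    """Constructed sample: one inline TIFF disguised as a JPEG, one ordinary TIFF attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("See the attached images.")
    m.add_attachment(b"II*\x00" + b"\x00" * 8, maintype="image", subtype="jpeg",
                     filename="photo.jpg", disposition="inline")
    m.add_attachment(b"MM\x00*" + b"\x00" * 8, maintype="image", subtype="tiff",
                     filename="scan.TIFF")
    return m.as_bytes()


if __name__ == "__main__":
    for filename, ctype, reasons in find_tiff_parts(build_sample()):
        print(f"{filename} ({ctype}): {', '.join(reasons)}")
```

This check only examines top-level MIME parts; a TIFF carried inside another file type, such as a document or an archive, is not unpacked and would not be flagged.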