Nasty Windows Vulerability (925568)
This is a bad one because the vulnerability is caused by viewing images in either the web or e-mail
Everyday you see thousands of images, but the image could contain the exploit.
My advice is to be extra careful until Microsoft Patch this. The patch is due on the 10th of October.
If the patch comes out sooner then you know its bad.
Mitigating Factors:
In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or instant messenger message that takes users to the attacker’s Web site.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
In an e-mail based attack of this exploit, customers who read e-mail in plain text are at less risk from this vulnerability. Instead users would have to either click on a link that would take them to a malicious Web site or open an attachment to be at risk from this vulnerability.
In an e-mail based attack of this exploit, customers who read e-mail using Outlook Express on Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, are at less risk from this vulnerability because Binary and Script Behaviors is disabled by default in the Restricted sites zone.
Link: http://www.microsoft.com/technet/security/
Office2007 User Interface
