The Latest in IT Security

TIFF Zero-Day Fix Coming in Microsoft Patch Tuesday

10 Dec 2013

A critical vulnerability that lets attackers use corrupted TIFF images to take over victims' computers is among the flaws Microsoft will fix Tuesday, Dec. 10, as part of its regular Patch Tuesday monthly update cycle. The flaw involves the way Microsoft's Graphics Device Interface handles TIFF files on Windows Vista, Windows Server 2008 and Microsoft Office 2003-2010, and has already been exploited in documented attacks. Attackers place a TIFF corrupted with malware into a Word document, attach the document to an email message and send the message to targeted individuals.

If the Word document is previewed or opened, an attacker can gain control of the targeted person's computer, gaining the same system rights and permissions as the user logged in at the time of the attack. A zero-day exploit attacking this flaw — Microsoft was not aware of the flaw before the exploit was developed — has been seen in Asia and the Middle East.

Of the 11 flaws scheduled to be fixed this Patch Tuesday, this is one of five rated critical, which Microsoft defines as a vulnerability whose exploitation could allow code execution without user interaction — i.e., one that lets an attacker seize control of the target's computer. The other critical fixes include patches for Microsoft Office versions 2013, 2010, 2007 and 2003, Microsoft's native chat application Lync (versions 2010 and 2013), Internet Explorer versions 6 through 11 and the Exchange mail server. All supported versions of Windows, from XP to RT and 8.1, are affected by at least one of the critical vulnerabilities.

Not among the fixes is a patch to address a recently discovered Windows XP zero-day exploit that involves tricking Windows XP users into opening a malware-infested PDF file. "We're still working to develop a security update and we'll release it when ready," Microsoft Trustworthy Computing manager Dustin Childs said in a blog posting yesterday (Dec. 5).

Hopefully, Microsoft will issue a patch for this vulnerability in January's Patch Tuesday updates. The company will end all support, including security patches, for Windows XP on April 8, 2014.

Email [email protected] or follow her @JillScharr and Google+.

Copyright 2013 Tom's Guides, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
