Security Advisory: .TIFF attachments in Lync or Email

Microsoft has identified a “zero-day” vulnerability in the graphics code in certain versions of Windows, Exchange and Lync involving .TIFF files. Microsoft says it has received reports of targeted attacks in the wild using the vulnerability, specifically against Microsoft Office.

Because it’s a “zero-day” vulnerability, neither Microsoft nor the antivirus companies have been able to develop tools to address it.

The only way to protect yourself is to exercise extreme caution when opening .TIFF files, no matter how they reach you—whether via Exchange or Lync or through unknown websites.

Intermedia advises all its users to be very careful with .TIFF files. Anti-virus and firewall protection applications may not stop this threat. Do not open any files with a filename ending in .TIFF – either through your personal mail or Intermedia mail.

There are a number of news articles discussing the specific details of the vulnerability. You can read them here.

Here are some answers to questions you may have:

Q: Won’t Intermedia’s SpamStopper catch any viruses that are trying to get through?

A: No. The very definition of zero-day means that as of today, there are no signatures that let us detect any attachments containing malware. Your best defense is user awareness until Microsoft delivers a patch, and until signatures can be developed.

Q: Can I block .TIFF files from being delivered to my end users’ mailboxes?

A: Unfortunately, that functionality is not available.

Q: When is Microsoft anticipated to deliver a patch?

A: Microsoft has stated that it will “take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update”.

About Ryan Barrett

Ryan is Intermedia's Vice President for Security and Privacy.