
US-CERT Alert concerning malicious attacks utilizing TIFFs

Heather_Panek1
Champ in-the-making

Our IT department alerted me to the following CERT Alert concerning the threat of malicious attacks using TIFF images. The proposed work-around until there is a proper patch is to disable TIFF files. Obviously, this would be a major issue for OnBase users.

Does Hyland have a stance or response for this Alert? How are other companies handling this security issue?

Security Advisory for Microsoft Graphics Component

Microsoft has released a Security Advisory regarding a vulnerability in the Microsoft Graphics component that affects Microsoft Windows, Microsoft Office, and Microsoft Lync. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content. Successful exploitation of the vulnerability could allow an attacker to gain the same user rights as the current user.

US-CERT encourages users and administrators to review the Security Advisory and follow best practice security policies to determine if their organization is affected and the appropriate response.

 https://www.us-cert.gov/ncas/current-activity/2013/11/05/Security-Advisory-Microsoft-Graphics-Compon...

https://support.microsoft.com/kb/2896666

3 REPLIES

Marcus_Christi6
Star Contributor

Definitely concerning. However, it would seem to affect RightFax and others that send direct TIFF images.

In our world we scan everything color, and use a compressed JPG for that creation. But I also notice that Windows 7 (client) is not affected, where Windows Server 2008 is. Wonder if it's all down to the privileges of the user, since most users would not be working directly on a server.

My read of this: it's the Microsoft Office user population that needs to be worried.

Under the suggested actions of the Microsoft Security Advisory section, there is a second option as follows:

  • Deploy the Enhanced Mitigation Experience Toolkit

The Enhanced Mitigation Experience Toolkit (EMET) helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit. EMET 4.0 is officially supported by Microsoft. At this time, EMET is only available in the English language. For more information, see Microsoft Knowledge Base Article 2458544.

Link to Microsoft security advisory

http://technet.microsoft.com/en-us/security/advisory/2896666

This looks cumbersome to deploy though.

 

Mike_Saville
Elite Collaborator

It is concerning, but from reading the advisory, it is mainly Office and Lync issues. Unless you are running Vista on the end user workstations, any currently supported Microsoft OS isn't affected, and if you're running Windows 2008 R2, you should be fine there also. You also need to remember that in OnBase probably 99% of the TIFF files are created during a scanning process, which wouldn't create any custom malicious code in the TIFF, and that a TIFF file is viewed in the OnBase viewer, not the Windows or Office viewer.