11-06-2013 09:06 AM
Our IT department alerted me to the following CERT Alert concerning the threat of malicious attacks using TIFF images. The proposed work-around until there is a proper patch is to disable TIFF files. Obviously, this would be a major issue for OnBase users.
Does Hyland have a stance or response for this Alert? How are other companies handling this security issue?
Security Advisory for Microsoft Graphics Component
Microsoft has released a Security Advisory regarding a vulnerability in the Microsoft Graphics component that affects Microsoft Windows, Microsoft Office, and Microsoft Lync. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content. Successful exploitation of the vulnerability could allow an attacker to gain the same user rights as the current user.
US-CERT encourages users and administrators to review the Security Advisory and follow best practice security policies to determine if their organization is affected and the appropriate response.
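The "disable TIFF" workaround the original poster refers to is, in Microsoft Security Advisory 2896666, a registry setting that turns off the GDI+ TIFF codec. The script below is an added example (not from this thread, Hyland, or Microsoft) for auditing, applying and reverting that setting with PowerShell; it assumes the value documented in the advisory, `DisableTIFFCodec` (REG_DWORD = 1) under `HKLM\SOFTWARE\Microsoft\Gdiplus`, and also writes the `Wow6432Node` copy so that 32-bit processes on 64-bit Windows see it. The `Test-TiffDecode` check and its sample path are constructed for illustration.

```powershell
# Added example, not the thread's or the vendor's code.
# Assumption: the advisory 2896666 workaround is
#   HKLM\SOFTWARE\Microsoft\Gdiplus  DisableTIFFCodec (REG_DWORD) = 1
# 32-bit processes on 64-bit Windows read the Wow6432Node copy, so both are handled.
# Run from an elevated PowerShell session.

$GdiplusKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Gdiplus',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Gdiplus'   # absent on 32-bit Windows; skipped by Test-Path
)
$ValueName = 'DisableTIFFCodec'

function Get-TiffCodecState {
    # One object per key: where the value lives, what it holds, and whether the codec is off.
    foreach ($key in $GdiplusKeys) {
        $current = $null
        if (Test-Path $key) {
            $current = (Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
        }
        [pscustomobject]@{
            Path     = $key
            Value    = $current
            Disabled = ($current -eq 1)
        }
    }
}

function Disable-TiffCodec {
    # Apply the workaround: create the key if needed, then set the DWORD to 1.
    foreach ($key in $GdiplusKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
    }
    Get-TiffCodecState
}

function Enable-TiffCodec {
    # Revert the workaround once the proper patch the advisory refers to is installed.
    foreach ($key in $GdiplusKeys) {
        if (Test-Path $key) {
            Remove-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
        }
    }
    Get-TiffCodecState
}

function Test-TiffDecode {
    # Constructed check: try to decode a known-good TIFF through GDI+ (System.Drawing).
    # Returns $true if it decodes, $false if GDI+ refuses it. Assumption: GDI+ reads the
    # setting when it initializes, so run this in a fresh process after changing the value.
    param([Parameter(Mandatory)][string]$Path)   # e.g. C:\Temp\sample.tif (hypothetical)
    Add-Type -AssemblyName System.Drawing
    try {
        $img = [System.Drawing.Image]::FromFile($Path)
        $img.Dispose()
        return $true
    } catch {
        return $false
    }
}

# Usage:
#   Get-TiffCodecState                      # audit current state
#   Disable-TiffCodec                       # apply workaround
#   powershell -NoProfile -Command "& { . .\tiffcodec.ps1; Test-TiffDecode 'C:\Temp\sample.tif' }"
#   Enable-TiffCodec                        # revert after patching
# Fleet-wide: Invoke-Command -ComputerName (Get-Content .\workstations.txt) -ScriptBlock ${function:Disable-TiffCodec}
```

Because the setting is global to GDI+, anything on the workstation that decodes TIFF through System.Drawing or native GDI+ stops rendering those files, which is exactly the concern raised for OnBase users. Test `Test-TiffDecode` and the OnBase client on a pilot machine before pushing the change, and keep `Enable-TiffCodec` ready for the rollback.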
11-06-2013 09:42 AM
Definitely concerning. However, it would seem to affect RightFax and others that send direct TIFF images.
In our world we scan everything color, and use a compressed JPG for that creation. But I also notice that Windows 7 (client) is not affected, where Windows Server 2008 is. Wonder if it's all down to the privileges of the user, since most users would not be working directly on a server.
My read of this: it's the Microsoft Office user population that needs to be worried.
11-06-2013 09:51 AM
Under the suggested actions of the Microsoft Security Advisory section there is a second option, as follows:
The Enhanced Mitigation Experience Toolkit (EMET) helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit. EMET 4.0 is officially supported by Microsoft. At this time, EMET is only available in the English language. For more information, see Microsoft Knowledge Base Article 2458544.
Link to Microsoft security advisory
http://technet.microsoft.com/en-us/security/advisory/2896666
This looks cumbersome to deploy though.
11-07-2013 04:12 AM
It is concerning, but from reading the advisory, it is mainly Office and Lync issues. Unless you are running Vista on the end user workstations, any currently supported Microsoft OS isn't affected, and if you're running Windows 2008 R2, you should be fine there also. You also need to remember that in OnBase probably 99% of the TIFF files are created during a scanning process, which wouldn't create any custom malicious code in the TIFF, and that a TIFF file is viewed in the OnBase viewer, not the Windows or Office viewer.