back to article Windows, Office zero-day vuln must wait for next Patch Tuesday, says MS

Microsoft is lining up eight bulletins for the November edition of patch Tuesday (12 November), including three critical fixes, but there's no relief in sight for a zero-day vulnerability in how Office handles .TIFF graphics files. Hackers are exploiting a zero-day vulnerability in a graphics library that is used by Microsoft …

COMMENTS

This topic is closed for new posts.
  1. Blacklight
    WTF?

    o_O

    My NAS inbuilt AV scanner (ClamAV) lit up this morning with a bunch of TIFFs.

    I suspect false positives, as these are TIFFs which (in two cases) have been sat idle for a few years and last touched as part of an archive/backup.

    Jotti and VirusTotal also only showed ClamAV reporting those files with the 'issue', so if you are running ClamAV, I'd consider a pinch of salt with your virus scan reports this morning....

  2. Anonymous Coward
    FAIL

    Eh ?

    Why wait until next month for the TIFF fix ? I really don't understand why it's not pushed out as soon as it is tested and ready considering it is already being exploited.

    1. Anonymous Coward
      Anonymous Coward

      Re: Eh ?

      Probably because of Windows shit update mechanism that requires a reboot just to update a system text file. Therefore limiting you to only one guaranteed outage per month.

  3. Bladeforce

    People still use this buggy as hell piece of software? It's no surprise windows is fastly becoming a relic of the bug ridden past

    1. Captain Scarlet Silver badge
      Coffee/keyboard

      We have a choice

      Let me make my own mistakes!

  4. CAPS LOCK

    This kind of thing would rustle my jimmies...

    ... if I used Microsoft products.

  5. Gray
    Go

    An alternative work-around

    They said: "a workaround to defend against possible attacks that works by disabling TIFF rendering in the affected graphics library." A more effective workaround is to substitute LibreOffice for the MS Office problem, and further, to run LibreOffice on Debian Linux. MS patch delays wouldn't matter nearly so much.

    If MS would only promise to keep issuing patches for XP until it was all fixed ... but Hell would most likely freeze over first?

    1. Anonymous Coward
      Anonymous Coward

      Re: An alternative work-around

      > A more effective workaround is to substitute LibreOffice for the MS Office problem

      I haven't looked at LibreOffice in a while. What's the name of its mail component that works as well with Exchange as Outlook does?

This topic is closed for new posts.

Other stories you might like