Microsoft is lining up eight bulletins for the November edition of patch Tuesday (12 November), including three critical fixes, but there's no relief in sight for a zero-day vulnerability in how Office handles .TIFF graphics files. Hackers are exploiting a zero-day vulnerability in a graphics library that is used by Microsoft …
My NAS inbuilt AV scanner (ClamAV) lit up this morning with a bunch of TIFFs.
I suspect false positives, as these are TIFFs which (in two cases) have been sat idle for a few years and last touched as part of an archive/backup.
Jotti and VirusTotal also only showed ClamAV reporting those files with the 'issue', so if you are running ClamAV, I'd consider a pinch of salt with your virus scan reports this morning....
Why wait until next month for the TIFF fix ? I really don't understand why it's not pushed out as soon as it is tested and ready considering it is already being exploited.
Re: Eh ?
Probably because of Windows shit update mechanism that requires a reboot just to update a system text file. Therefore limiting you to only one guaranteed outage per month.
People still use this buggy as hell piece of software? It's no surprise windows is fastly becoming a relic of the bug ridden past
We have a choice
Let me make my own mistakes!
This kind of thing would rustle my jimmies...
... if I used Microsoft products.
An alternative work-around
They said: "a workaround to defend against possible attacks that works by disabling TIFF rendering in the affected graphics library." A more effective workaround is to substitute LibreOffice for the MS Office problem, and further, to run LibreOffice on Debian Linux. MS patch delays wouldn't matter nearly so much.
If MS would only promise to keep issuing patches for XP until it was all fixed ... but Hell would most likely freeze over first?
Re: An alternative work-around
> A more effective workaround is to substitute LibreOffice for the MS Office problem
I haven't looked at LibreOffice in a while. What's the name of its mail component that works as well with Exchange as Outlook does?