Microsoft out-of-band Security Advisory for Graphics Component (Nov 5, 2013)

Microsoft released an out-of-band bulletin, Microsoft Security Advisory (2896666), on Nov 5, 2013 that addresses a vulnerability in the Microsoft Graphics Component. The vulnerability affects Microsoft Windows, Microsoft Office and Microsoft Lync. The Graphics component improperly handles specially crafted TIFF images. These images can be embedded in malicious documents and delivered via email or the web, allowing attackers to achieve remote code execution. Microsoft reports that there are known targeted attacks that exploit Microsoft Office.

This vulnerability is tracked as CVE-2013-3906.
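Because the crafted TIFF arrives inside a document, a quick triage step is to list which parts of an Office Open XML file are TIFF images by content rather than by file name. The following is an added example, not SonicWALL or Microsoft code; the function names and the sample document are constructed for illustration, and a hit only marks a document for closer inspection since TIFF images are also used legitimately.

```python
import io
import zipfile

# TIFF header: byte-order mark ("II" or "MM") followed by the magic number 42.
TIFF_MAGICS = (b"II*\x00", b"MM\x00*")


def find_embedded_tiffs(data: bytes) -> list[str]:
    """Return names of ZIP parts whose content starts with a TIFF header.

    Checks content, not the file extension, so a TIFF stored as
    image2.jpeg is still reported. Returns [] if the input is not a
    ZIP container (for example a legacy binary .doc).
    """
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                with zf.open(info) as part:
                    header = part.read(4)
            except (RuntimeError, zipfile.BadZipFile):
                continue  # encrypted or corrupt part: cannot inspect
            if header in TIFF_MAGICS:
                hits.append(info.filename)
    return hits


def build_sample_docx() -> bytes:
    """Constructed sample: a minimal OOXML-style ZIP with benign placeholder parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8)
        # TIFF header bytes only, stored under a misleading extension.
        zf.writestr("word/media/image2.jpeg", b"II*\x00" + b"\x08\x00\x00\x00")
        zf.writestr("word/media/image3.tif", b"MM\x00*" + b"\x00\x00\x00\x08")
    return buf.getvalue()


if __name__ == "__main__":
    for name in find_embedded_tiffs(build_sample_docx()):
        print("embedded TIFF:", name)
```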

The Dell SonicWALL threat team researched this vulnerability the same day and created the following GAV signatures to cover the attack.

  • GAV: 26249 Malformed.docx.MP.1
  • GAV: 26255 Malformed.tif.MP.3
  • GAV: 26278 Malformed.docx.MP.2
  • GAV: 26311 CVE-2013-3906
  • GAV: 26320 Sisproc.A_6
  • GAV: 26388 Agent.OGZ_2
  • GAV: 26391 Delf.PNS
  • GAV: 26394 Webclient.A
  • GAV: 26396 Spy.MT
  • GAV: 26399 KeyLogger.AHKO
  • GAV: 26401 Zbot.VFO
  • GAV: 26404 VB.NYJ
  • SPY: 4732 Malformed-File doc.MP.6

For the Microsoft vulnerabilities covered by SonicWALL, please refer to SonicWALL MAPP for details.
