Microsoft’s recently found zero-day flaw in Windows and Office is highly unlikely to be patched sooner than December, which means that users need to act fast to protect their computers. That’s what Wolfgang Kandek, Qualys CTO, said in a short statement for NewsFactor, explaining that Patch Tuesday is too close, so Microsoft doesn’t have enough time to work on a fix.
“Microsoft has provided a Fix It that turns off TIFF rendering in the affected graphics library, which should have no impact if you are not working with TIFF format files on a regular basis. Given the close date of the next Patch Tuesday for November, we don't believe that we can count on a patch arriving in time, but will probably have to wait until December, which makes your planning for a work-around even more important,” he explained.
The zero-day flaw allows an attacker to gain the same rights as the logged-on user by means of a compromised Office document that is delivered via email and contains malicious TIFF images.
Microsoft has already confirmed the flaw and has released a Fix It solution that configures users’ computers to block any potential exploit until a patch is released. In the meantime, several security apps have already received updates to block the flaw.