Lync products affected include:
Microsoft $100,000 Bug Reward |
Lync 2010 x86, x64
Lync 2010 Attendee
Lync 2013 x86, x64
Lync Basic 2013 x86, x64
Office 365 is not affected by the exploit.
Microsoft have released a temporary patch to block rendering of the TIFF format using the registry mod below: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus\DisableTIFFCodec = 1
Microsoft advise installing EMET (the Enhanced Mitigation Experience Toolkit) that is able to mitigate this exploit in advance when any of the following mitigations are enabled for Office binaries:
Multiple ROP mitigations (StackPointer, Caller, SimExec, MemProt) available in EMET 4.0
Other mitigations (MandatoryASLR, EAF, HeapSpray ) included in EMET 3.0 and 4.0
EMET can be deployed via group policy or SCCM for blanket coverage of all vulnerable clients.
I really liked your blog article.Really thank you! Really Cool.
ReplyDeleteoffice 365 online training
office 365 training