Information Security Professionals Discover New Vulnerability in Microsoft Windows
By: EC-Council

The attacker may send the malicious thumbnail image embedded in a Microsoft Word or PowerPoint file as an e-mail attachment. The attackers' e-mails carry cleverly crafted messages and appear to come from a legitimate source. When an unwary user opens the file to view or preview the thumbnail image, the attacker may execute arbitrary code. An attacker may also place the malicious thumbnail image on a network share. The arbitrary code is executed by tricking users into navigating to the file by clicking on a link in an instant message or e-mail. The attackers rely on return-oriented-

Once the malicious code is executed, the attackers may gain control of the affected computer system. Through remote access to the computer, an attacker may issue commands and view, modify and delete files. The attacker may also create new user accounts. Successful exploitation of the vulnerability may cause an information security breach.

Users must avoid clicking on suspicious links, avoid downloading untrusted files and avoid e-mails from unknown sources. Users with administrative rights are more susceptible to the vulnerability than users with user accounts.

A data breach has financial, business, reputational and legal implications for organizations. Employee awareness, adherence to security advisories, periodic security evaluations through ethical hacking and security audits, and monitoring of traffic to databases with privileged information may help organizations mitigate vulnerabilities and reduce attacks.

Contact
Press EC-Council
Website: http://www.eccouncil.org
Email: iclass@
Tel: 505-341-

# # #

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world. EC-Council has trained over 80,000 individuals and certified more than 30,000 members through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies, including the U.S. federal government via the Montgomery GI Bill, the Department of Defense via DoD 8570.01-M, the National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences.