Malware Warning! – Careful Opening TIFF Files!

Virtual Density has identified an issue that may impact your IT systems. We are actively working on the issue and will provide updates as further information becomes available.

Potential Business Impact

Use extreme caution when opening .TIFF files and when visiting unknown websites.

Service(s) Impacted:

Exchange and Lync, plus other Microsoft products. (Click here for a full list:

Summary of issue:

TIFF attachments in Lync or Email

Started at 11/05/2013 07:43 PM ET

Microsoft has identified a “zero-day” vulnerability involving .TIFF files. This means that neither Microsoft nor the antivirus companies have been able to develop tools to address this vulnerability. Because this is a zero-day vulnerability, the only way to protect yourself is to exercise extreme caution when opening .TIFF files, no matter how they reach you—whether via Exchange or Lync or through unknown websites. We advise all our users to be very careful with .TIFF files. Anti-virus and firewall protection applications may not stop this threat. Do not open any files with a filename ending in .tiff – either through your personal mail or Virtual Density mail. There are a number of news articles discussing the specific details of the vulnerability.

You can read them here: Here are some answers to questions you may have:

Q: Won't Virtual Density's SpamStopper catch any viruses that are trying to get through?
A: No. The very definition of zero-day means that as of today, there are no signatures that let us detect any attachments containing malware. Your best defense is user awareness until Microsoft delivers a patch, and until signatures can be developed.

Q: Can I block .TIFF files from being delivered to my end users mailboxes?
A: No, unfortunately, that functionality is not available.

Q: When is Microsoft anticipated to deliver a patch?
A: Microsoft has stated that it will "take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update”. Rest assured that we'll apply the updates as soon as they're made available to us.

Technical Details:

From Wikipedia: “A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability.” The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Questions about this event?

Feel free to contact us at our Support Center in the following link:

Leave a comment!

You must be logged in to post a comment.