Debunking email hoaxes and exposing Internet scams since 2003!


TIFF Files Security Vulnerability Warning

Circulating message warns users not to open email or website files that have the file extension .tiff because a vulnerability associated with .tiff images has been identified.

Image: TIFF key showing the image format for TIF pictures (© Stuart Miles)

Brief Analysis
The warning is valid. In November 2013, Microsoft disclosed a critical zero-day vulnerability in how some versions of Microsoft Windows and Office handle TIFF image files. The vulnerability could allow attackers to take control of a compromised computer. Microsoft has released a temporary workaround to deal with the issue while a permanent patch for the vulnerability is prepared. If you are using any of the affected software, you should install the workaround immediately. (See Detailed Analysis below for more information.)



DO NOT OPEN FILES ENDING .TIFF from email or websites.
As of today a vulnerability involving .TIFF files as attachments has been identified.
This means that neither Microsoft nor the antivirus companies have been able to develop tools to address this vulnerability.

Because this is a new vulnerability, the only way to protect yourself is to exercise extreme caution when opening .TIFF files, no matter how they reach you—whether via email or websites. Anti-virus and firewall protection applications may not stop this threat. Do not open any files with a filename ending in .tiff as it could be extremely damaging to your system.

Detailed Analysis

This circulating message warns users not to open any file that ends with .tiff. According to the message, a newly detected vulnerability associated with .tiff image files could be extremely damaging to your computer if exploited. TIFF (Tagged Image File Format) is a common file format for images.

The warning is valid. In November 2013, Microsoft announced the discovery of a critical zero-day vulnerability that could leave users of some versions of Microsoft Windows, Microsoft Office, and Microsoft Lync open to attack.

A November 9 SecurityWatch article notes:

The bug (CVE-2013-3906) allows attackers to remotely execute code on the target machine by tricking users into opening files with specially crafted TIFF images, Microsoft said. When the user opens the attack file, the attacker gains the same rights and privileges as that user. This means that if the user has an administrator account, then the attacker can get full control of the machine. If the user does not have administrator privileges, then the attacker can cause only limited damage.
The SecurityWatch article further explains:
The vulnerability exists in all versions of Lync communicator service, Windows Vista, Windows Server 2008, and some versions of Microsoft Office. All installations of Office 2003 and 2007 are at risk, regardless of which operating system the suite is installed on. Office 2010 is affected, only if it is installed on Windows XP or Windows Server 2008, Microsoft said. It appears that Office 2007 is the only one currently under active attack, according to the advisory.
At the time of writing, Microsoft had not yet released a permanent patch for the vulnerability. In the meantime, however, a "Fix It" workaround solution is available on the Microsoft support website.
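One caveat the circulating message misses: the SecurityWatch quote above speaks of "files with specially crafted TIFF images", not of files named .tiff. An Office document is a container, so the image it carries does not show up in the attachment's extension. The following is an added example (not Hoax-Slayer's, Microsoft's, or SecurityWatch's code) showing how a defender can identify TIFF content by its 8-byte header rather than by filename, and look inside an OOXML (zip) container for embedded TIFF streams. The sample files and the document builder are constructed stand-ins for testing; none of them is a malicious file.

```python
import io
import struct
import zipfile

# Constructed sample inputs (not real exploit files): a minimal little-endian
# TIFF header, a minimal big-endian one, and non-image bytes carrying a .tiff name.
LE_TIFF = b"II*\x00" + struct.pack("<I", 8) + struct.pack("<H", 0)  # 'II', 42, IFD at 8, 0 entries
BE_TIFF = b"MM\x00*" + struct.pack(">I", 8) + struct.pack(">H", 0)
NOT_TIFF = b"%PDF-1.4 not an image"


def tiff_header(data: bytes):
    """Return (byte_order, first_ifd_offset) if data starts with a valid TIFF
    header, else None. The header is 8 bytes: 'II' or 'MM' (byte order),
    the 16-bit magic 42, then the 32-bit offset of the first image file
    directory (IFD)."""
    if len(data) < 8:
        return None
    order = data[:2]
    if order == b"II":
        endian = "<"
    elif order == b"MM":
        endian = ">"
    else:
        return None
    magic, ifd_offset = struct.unpack(endian + "HI", data[2:8])
    if magic != 42:
        return None
    # The first IFD cannot overlap the header, so a sane offset is >= 8.
    if ifd_offset < 8:
        return None
    return (order.decode(), ifd_offset)


def looks_like_tiff(data: bytes) -> bool:
    """Content-based check: true only when the bytes carry a TIFF header."""
    return tiff_header(data) is not None


def find_embedded_tiffs(name: str, data: bytes):
    """Return the locations of TIFF content found in a file, judged by content
    rather than by extension:
    - the file itself is reported if its bytes start with a TIFF header;
    - if the file is a zip container (e.g. .docx/.xlsx/.pptx), every member
      is checked, so an image stored under a misleading name is still found."""
    hits = []
    if looks_like_tiff(data):
        hits.append(name)
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                with zf.open(member) as fh:
                    if looks_like_tiff(fh.read(8)):
                        hits.append(f"{name}:{member}")
    return hits


def build_docx_with_tiff(image_bytes: bytes) -> bytes:
    """Constructed stand-in for a Word document: a zip with a minimal OOXML
    layout whose embedded image is stored under a misleading .png name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/media/image1.png", image_bytes)
    return buf.getvalue()


if __name__ == "__main__":
    for fname, blob in [("photo.tiff", BE_TIFF),
                        ("scan.tiff", NOT_TIFF),
                        ("report.docx", build_docx_with_tiff(LE_TIFF))]:
        print(fname, "->", find_embedded_tiffs(fname, blob))
```

Run as a script it reports the bare TIFF, reports nothing for the file that merely has a .tiff name, and flags the image hidden inside the document container. The header check alone says nothing about whether a TIFF is malicious; its value is in routing any file that contains TIFF data, whatever its extension, to the same handling (sandboxing, quarantine, or the Microsoft workaround on the receiving machine) that a plain .tiff attachment would get.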


Last updated: November 21, 2013
First published: November 21, 2013
By Brett M. Christensen

References

Microsoft in a TIFF over Windows, Office bug that runs code hidden in pics
Microsoft Zero-Day TIFF Bug Affects Older Office Software (SecurityWatch)
Microsoft Security Advisory (2896666)
Microsoft Security Advisory: Vulnerability in Microsoft graphics component could allow remote code execution