Out of band security advisory related to TIFF that could allow remote code execution #Lync #Office

Microsoft today released a out-of-band security advisory on an issue with how Office clients, Lync included handle TIFF files, this exploit could allow remote code execution and I think this is the second time that TIFF is affected in about a year if I am not mistaken.

For more information please see the official advisory from Microsoft

Microsoft Security Advisory (2896666)

There is a workaround published describing how to mitigate this by disabling the TIFF codec.

Disable the TIFF codec

Note See Microsoft Knowledge Base Article 2896666 to use the automated Microsoft Fix it solution to enable or disable this workaround.

You can prevent TIFF files from being displayed by modifying the registry to control the parsing of the TIFF codec. By changing the registry entries, you can control which images are parsed and rendered and which images are rejected in GDI+. For example, you can select to parse and render Joint Photographic Experts Group (JPEG) images, but block Tagged Image File Format (TIFF) images.

Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Note After you change a registry entry, you must restart the application that uses the codec.

To disable the TIFF codec:

  1. To add a registry entry, create the following registry subkey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus
  2. Create a DWORD value for the TIFF code by creating a registry entry (DWORD value) under the registry subkey you created in step 1:DisableTIFFCodec
  3. To disable the TIFF codec, set value of the DisableTIFFCodec registry entry to 1.

Impact of Workaround. You will not be able to view TIFF files.

How to undo the workaround

To re-enable the TIFF codec, set the value of the DisableTIFFCodec registry entry to 0.