Microsoft warns users of Windows and Office hacking threats

Microsoft is investigating private reports of targeted attacks exploiting a 'vulnerability' in its operating system that could allow hackers to gain user rights to certain computers.

In a statement released on Tuesday, Microsoft said Windows Vista, Windows Server 2008, Microsoft Office 2003-10 and Microsoft Lync could all be affected by the issue.

"An attacker could exploit this vulnerability," the statement said, "by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content.

"An attacker who successfully exploited the vulnerability could gain the same user rights as the current user."

Dustin C. Childs, manager for incident response communications within the Trustworthy Computer Group at Microsoft, said in a blog post that the exploit requires user interaction and may be disguised as an email requesting targets to open a specially crafted Word attachment.

"If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document," Childs said. "An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user."

Microsoft has said that the targeted attacks it is aware of have largely taken place in the Middle East and South Asia. The company claims that the current versions of Microsoft Windows and Office are not affected by this issue.

In order to remedy the problem, Microsoft has said one potential fix could be a security update through its monthly release process.

Last month Microsoft awarded $100,000 (£62,760) to a British hacker for finding loopholes in its operating system that would leave it open to cyber-attacks.