Yet another security vulnerability in Windows, Office and Lync has been discovered that could enable remote code execution. The vulnerability is triggered if the user views content that contains specially adapted TIFF files. The vulnerability was first noted in security advisory 2896666 published in early November.
The fix is Microsoft Security Bulletin MS13-096. To resolve the fix, there are a number of potential patches that need to be applied – these now appear to have shipped via Automatic Update. So for home systems, if you are using Lync, or office or later versions of Windows, make sure your systems are all patched (Microsoft/Windows update should do the trick). If you are an an oganisation that managed software updates, make sure the updates for this security bulletin are applied.