New Windows zero day being exploited through PowerPoint

  • 22 October 2014
  • 1 reply
  • 2 views

Userlevel 7
Badge +52
A vulnerability exists in Windows OLE for all versions except Server 2003. The company has released a workaround to block known attacks, but newer attacks could still get through.

Microsoft has disclosed a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003. The attack is being exploited through limited, targeted attacks using Microsoft PowerPoint.
Microsoft has released a Fix it "OLE packager Shim Workaround" that should stop the known PowerPoint attacks. It does not stop other attacks that might be built to exploit this vulnerability. The Fix it is not available for 64-bit editions of PowerPoint on x64-based editions of Windows 8 and Windows 8.1.
 
Full Article

1 reply

Userlevel 7
by Dennis Fisher  Posted on 10/22/2014
 
Attackers are using a zero day vulnerability in nearly all supported versions of Windows in a series of targeted attacks. The flaw is in the OLE technology in Windows and can be used for remote code execution is a targeted user opens a rigged Office file.
Microsoft is warning customers that there is no patch available for this new vulnerability. The company has issued a FixIt tool that mitigates the known attacks on the vulnerability, but is still looking into whether a full patch will be necessary.
“Microsoft is aware of a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. The attack requires user interaction to succeed on Windows clients with a default configuration, as User Account Control (UAC) is enabled and a consent prompt is displayed,” the Microsoft advisory says.
 
 
Full Article

Reply