New Windows zero day being exploited through PowerPoint

A vulnerability exists in Windows OLE for all versions except Server 2003. The company has released a workaround to block known attacks, but newer attacks could still get through.

Microsoft has disclosed a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003. The attack is being exploited through limited, targeted attacks using Microsoft PowerPoint.

Microsoft has released a Fix it "OLE packager Shim Workaround" that should stop the known PowerPoint attacks. It does not stop other attacks that might be built to exploit this vulnerability. The Fix it is not available for 64-bit editions of PowerPoint on x64-based editions of Windows 8 and Windows 8.1.

Tech Pro Research

Windows 10 power tips: Secret shortcuts to your favorite settings

Are you tired of clicking through categories to find a specific Windows 10 setting? If you know the right commands, you can create shortcuts that take you to specific pages with a single click

Read More

There are some important mitigating factors for this problem. It is a remote code execution vulnerability, so if a user opens an affected Office document, the attacker would gain control of the system with the same privileges as the user. Using Windows with limited permissions limits the damage this attack can cause.

Microsoft reports that in the attacks they know of, a User Account Control (UAC) prompt was raised when the user opened the document. This is not typical behavior and should alert many users that something is wrong.

Attacks could be sent through files other than Microsoft Office documents, if the handling application supports OLE objects. In reality, Office documents are the obvious vehicle for spreading such an attack.

The security advisory describing the problem also includes instructions for configuring the Enhanced Mitigation Experience Toolkit 5.0 to protect against the known attacks.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All