New Windows zero day being exploited through PowerPoint

Venustus

Summary: A vulnerability exists in Windows OLE for all versions except Server 2003. The company has released a workaround to block known attacks, but newer attacks could still get through.

Microsoft has disclosed a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003. The attack is being exploited through limited, targeted attacks using Microsoft PowerPoint.
Microsoft has released a Fix it "OLE packager Shim Workaround" that should stop the known PowerPoint attacks. It does not stop other attacks that might be built to exploit this vulnerability. The Fix it is not available for 64-bit editions of PowerPoint on x64-based editions of Windows 8 and Windows 8.1.

There are some important mitigating factors for this problem. It is a remote code execution vulnerability, so if a user opens an affected Office document, the attacker would gain control of the system with the same privileges as the user. Using Windows with limited permissions limits the damage this attack can cause.

Microsoft reports that in the attacks they know of, a User Account Control (UAC) prompt was raised when the user opened the document. This is not typical behavior and should alert many users that something is wrong.

Attacks could be sent through files other than Microsoft Office documents, if the handling application supports OLE objects. In reality, Office documents are the obvious vehicle for spreading such an attack.

The security advisory describing the problem also includes instructions for configuring the Enhanced Mitigation Experience Toolkit 5.0 to protect against the known attacks.
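
As a triage aid for the point above that Office documents are the obvious vehicle, the following Python sketch lists embedded OLE parts in an OOXML file (.pptx, .ppsx, .docx, .xlsx). It is an added example, not part of the original post or of Microsoft's advisory; it assumes embedded objects are stored under an `embeddings/` folder inside the ZIP container, and the sample files are constructed in memory.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # Compound File Binary header
# Stream name "\x01Ole10Native" as stored (UTF-16LE) in a compound-file directory;
# its presence is a heuristic for an OLE Packager-style embedded object.
OLE10NATIVE = "\x01Ole10Native".encode("utf-16-le")
MAX_PART_SIZE = 64 * 1024 * 1024  # skip oversized parts instead of inflating them


def find_embedded_ole(data: bytes):
    """Return (part_name, is_compound_file, has_ole10native) for each embedded part."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir() or "/embeddings/" not in name.lower():
                continue
            if info.file_size > MAX_PART_SIZE:
                findings.append((name, None, None))  # too large: review by hand
                continue
            blob = zf.read(info)
            findings.append((name, blob.startswith(OLE2_MAGIC), OLE10NATIVE in blob))
    return findings


def build_sample(with_package: bool) -> bytes:
    """Constructed sample: a minimal ZIP laid out like a .pptx, not a real deck."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/slides/slide1.xml", "<sld/>")
        if with_package:
            # Fake compound file: correct magic plus the stream name, nothing else.
            fake_ole = OLE2_MAGIC + b"\x00" * 504 + OLE10NATIVE + b"\x00" * 64
            zf.writestr("ppt/embeddings/oleObject1.bin", fake_ole)
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("clean", build_sample(False)),
                          ("embedded", build_sample(True))):
        print(label, find_embedded_ole(sample))
```

A hit only means the document carries an embedded OLE object, which is also common in legitimate files, so treat it as a reason to inspect the attachment before opening it. Legacy binary formats such as .ppt are themselves compound files and are not covered by this check.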



 