Recently Microsoft patched three critical zero-day vulnerabilities in Microsoft Windows which were actively exploited by hackers and now again Microsoft has disclosed a new zero vulnerability affecting all supported releases of Microsoft Windows operating system, excluding Windows Server 2003.
Microsoft has released a security fix for the vulnerability “OLE packager Shim Workaround” that will stop the known PowerPoint attacks. The patch is not available for 64 bit versions of PowerPoint on 64-based versions of Windows 8 & Windows 8.1.
Microsoft also confirmed that the zero-day vulnerability is being actively exploited by the cyber criminals through limited, targeted attacks using malicious Microsoft PowerPoint documents sent as email attachments.
Microsoft published a Security Advisory Tuesday, According to the advisory the zero-day vulnerability resides within the Windows operating system’s code that handles OLE (object linking and embedding) objects. OLE technology is most commonly used by Microsoft Office for embedding data.
How the flaw work in Microsoft PowerPoint ?
The advisory also explained, The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
By accessing same rights as a current user, an hacker could infect victim’s computer by installing other infected programs on it. According to the company, some attacks that compromise users accounts without administrator rights may pose less amount of a risk.
Microsoft also reported that in the attacks they are aware of, User Account Control (UAC) prompt was pop up when the user opened the malicious document. This is not typical behavior and should alert users that something is wrong.
Microsoft’s advisory states, In observed attacks, User Account Control (UAC) displays a consent prompt or an elevation prompt, depending on the privileges of the current user, before a file containing the exploit is executed.