Hacking News

Zero-Day Vulnerablity in Microsoft PowerPoint

Recently Microsoft patched three critical zero-day vulnerabilities in Microsoft Windows which were actively exploited by hackers and now again Microsoft has disclosed a new zero vulnerability affecting all supported releases of Microsoft Windows operating system, excluding Windows Server 2003.

Microsoft has released a security fix for the vulnerability “OLE packager Shim Workaround” that will stop the known PowerPoint attacks. The patch is not available for 64 bit versions of PowerPoint on 64-based versions of Windows 8 & Windows 8.1.

Microsoft also confirmed that the zero-day vulnerability is being actively exploited by the cyber criminals through limited, targeted attacks using malicious Microsoft PowerPoint documents sent as email attachments.

Microsoft published a Security Advisory Tuesday, According to the advisory the zero-day vulnerability resides within the Windows operating system’s code that handles OLE (object linking and embedding) objects. OLE technology is most commonly used by Microsoft Office for embedding data.

How the flaw work in Microsoft PowerPoint ?

The flaw designated as CVE-2014-6352 is executed when a user is forced to open a Microsoft PowerPoint files containing a malicious OLE Object Linking and Embedding object. For now on, only PowerPoint files are used by attackers to carry out attacks, but all Office file types can also be used to carry out same attack.

The advisory also explainedThe vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

By accessing same rights as a current user, an hacker could infect victim’s computer by installing other infected programs on it. According to the company, some attacks that compromise users accounts without administrator rights may pose less amount of a risk.

Microsoft also reported that in the attacks they are aware of, User Account Control (UAC) prompt was pop up when the user opened the malicious document. This is not typical behavior and should alert users that something is wrong.

Microsoft’s advisory states, In observed attacks, User Account Control (UAC) displays a consent prompt or an elevation prompt, depending on the privileges of the current user, before a file containing the exploit is executed.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Most Popular

To Top

Subscribe For Latest Updates

Signup for our newsletter and get notified when we publish new articles for free!