Watch out for those Power Point files. Microsoft has issued an advisory warning of a new Zero-Day vulnerability that impacts all supported versions of their Windows operating system, especially the Office product. The software giant also confirmed targeted attacks looking to exploit this flaw. The advisory says that attackers are using PowerPoint files, which contain a malicious Object Linking and Embedding (OLE) object, to trigger the vulnerability. OLE technology is used to share data between applications. All Microsoft Office file types as well as many other third-party file types could contain a malicious OLE object... In addition, compromised websites (and websites that accept or host user-provided content) could contain specially crafted content that could exploit this vulnerability, Microsofts advisory warns. What should you do: Do not open Microsoft PowerPoint files, or other files, from untrusted sources Do not open Microsoft PowerPoint files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted file. For users who manage their own systems, please refer to the Microsoft Advisory and the workaround at https://support.microsoft/kb/3010060. (see Fix It at the end of the article).
Posted on: Thu, 23 Oct 2014 15:41:59 +0000