Jump to content


Microsoft warns of Windows 0-day hack via PowerPoint

  • Please log in to reply
No replies to this topic

OFFLINE   sincity


    Advanced Member

  • Members
  • PipPipPipPip
  • 2980 posts
Getting Better
Microsoft warns of Windows 0-day hack via PowerPoint

Using Windows? Then be wary of PowerPoint files sent to you as they might be a doorway for hackers to take control of your computer.

Microsoft has issued a security advisory regarding a vulnerability in in its OLE (Object Linking and Embedding) feature that could allow a third-party to execute code remotely.

OLE has been a very useful feature available in Microsoft Office applications for nearly a quarter of a century now and allows you to bring a file within another (e.g. a video in a document).

While OLE-linked advisories have been issued in the past, what makes this one worthy of notice is the fact that it is unpatched and affects all versions of Windows bar Server 2003.

Not everyone however is convinced of its importance. Tripwire's Lamar Bailey reckons that it is not a major issue.

He added "The vulnerability is just an escalation of privilege issue and requires a watering hole attack and/or persuading the victim to open a file to exploit."

In other word, the target needs to do most of the leg work and be gullible enough - in order for the trick to work.

If you don't open PowerPoint files from unknown sources and have UAC (User Account Control), then it's likely that you're not a risk.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users