
Zero-Day Remote Code Execution Flaw Disclosed by Microsoft; Workarounds Issued

Microsoft disclosed on Tuesday, in a Security Advisory, a Windows OLE zero-day remote code execution (RCE) vulnerability in PowerPoint and released a quick fix.

The vulnerability impacts all Windows versions except Windows Server 2003, and it is currently being exploited via malicious Office files that contain OLE (Object Linking and Embedding) objects.

“The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object,” the advisory stated.

“At this time, we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint.”

The OLE technology allows users to cross-edit documents within another editor, for example editing a PowerPoint file within the Word text editor.

If exploited, the flaw could allow an attacker to gain the same rights as the active user and further infect the victim’s system. This is why accounts with fewer administrative privileges pose a lower risk if they are exploited.

Phishing and social engineering are still the favorite methods cybercriminals use to exploit this kind of zero-day flaw, as the attacks could employ emails with malicious attachments containing “specially crafted content” in order to redirect the victim to a compromised web site.

“An attacker would have to persuade the targeted user to visit the website, typically by getting them to click a hyperlink that directs a web browser to the attacker-controlled website.”

The mitigation workarounds on both 32-bit and x64 Windows editions include applying a fix dubbed “OLE packager Shim Workaround”, not opening Microsoft PowerPoint files received from untrusted sources, and enabling User Account Control (UAC) for better containment of privilege escalation issues.

Microsoft also advised that another workaround would be to deploy the Enhanced Mitigation Experience Toolkit and configure the Attack Surface Reduction, as explained in the advisory.

It is also essential for users to have antivirus software installed on their computers and to keep their operating systems patched with the latest updates.
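
As an added example (not from Microsoft's advisory or the original article), a mail or file gateway can support the "do not open untrusted PowerPoint files" workaround by flagging presentations that carry embedded OLE objects before they reach a user. It assumes OOXML packaging, where embedded objects are stored as OLE2 compound files inside the ZIP container; the function names and sample data are constructed for illustration.

```python
import io
import zipfile

# Signature that starts every OLE2 compound file (the container format
# used for embedded OLE objects and for legacy .ppt/.doc/.xls files).
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def find_embedded_ole(data: bytes) -> list[str]:
    """Return names of ZIP members in an OOXML file that are OLE compound files.

    Returns ["<legacy OLE container>"] when the file itself is a legacy
    binary Office document, which this check cannot look inside.
    """
    if data.startswith(OLE_MAGIC):
        return ["<legacy OLE container>"]
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not an OOXML package at all
    hits = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Check content, not the file name: members can be renamed.
            with archive.open(info) as member:
                if member.read(len(OLE_MAGIC)) == OLE_MAGIC:
                    hits.append(info.filename)
    return sorted(hits)


def build_sample(with_ole: bool) -> bytes:
    """Constructed sample: a minimal ZIP shaped like a .pptx (not a valid deck)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/presentation.xml", "<p:presentation/>")
        if with_ole:
            z.writestr("ppt/embeddings/oleObject1.bin", OLE_MAGIC + b"\x00" * 504)
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("clean", build_sample(False)), ("embedded", build_sample(True))):
        print(label, find_embedded_ole(sample))
```

A hit means only that the file embeds an OLE object, not that it is malicious; use it to route attachments from untrusted senders for closer inspection or quarantine.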

The news comes just one week after Microsoft issued the October Security Bulletin, covering no more than three zero-day flaws.

About the author

Lucian Ciolacu
