Microsoft has issued a temporary fix for the critical zero-day flaw affecting nearly all Windows versions. Hackers are reportedly exploiting the vulnerability using malicious PowerPoint files, allowing remote code execution in a successful attack.
“A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains an infected Object Linking and Embedding (OLE) file,” said Microsoft Director of Response Communications Tracey Pretorius in a blog post.
However, the company noted it was currently aware of “limited, targeted attacks” attempting to exploit the flaw.
Craig Young, Tripwire security researcher, explains that code execution through crafted documents is a very popular attack vector that continues to deceive users. “Fortunately, most document-based attacks affect user-space processes, meaning that attackers generally only receive the same permissions as the active user, unless a secondary vulnerability is triggered,” said Young.
Microsoft’s security advisory states the company is actively working to provide broader protections to customers upon completion of further investigation. The company noted the resolution of the issue may include providing a security update through its monthly patch updates or providing an out-of-cycle security update.
The temporary “FixIt” workaround can be applied to 32- and 64-bit versions of PowerPoint 2007, 2010 and 2013. Windows Server 2003 users are not affected by the vulnerability.
The severe flaw comes only weeks after a previous bug in the OLE packager was also discovered. On October 14, researchers at iSIGHT Partners revealed a similar flaw was being exploited in connection with a cyber espionage campaign.
“It’s a rather common occurrence to see Microsoft fix a vulnerability and then, in the following months, multiple similar items are disclosed,” said Tyler Reguly, Tripwire’s manager of security research and member of the Vulnerability and Exposure Research Team (VERT). “As usual, people will call for Microsoft to issue an out-of-band update and, again as usual, those people will be wrong.”
Reguly adds that since the attack is currently limited, rushing an update without proper testing has its consequences: “Microsoft has released the FixIt, an approach that has become more and more popular but we don’t know the statistics on the number of users that download and apply the FixIt. These would be interesting statistics for Microsoft to release.”
In the meantime, Bailey suggests users can protect themselves by not opening PowerPoint documents from unknown parties; even mail from known addresses should be avoided unless you can confirm with the sender that it was intentionally sent.