Microsoft forced to issue quick fix for PowerPoint flaw

News
By Rene Millman
published

Vulnerability affects almost all versions of Windows

A bug in PowerPoint has been discovered that will allow hackers to hijack a victim's PC.

The zero-day vulnerability was outlined in an advisory by the firm, and prompted Microsoft to issue a one-click "Fixit" tool to help users protect their PCs while a patch is developed.

Hackers can take over a PC by sending victim's a message with a malicious Office file containing an OLE (Object Linking and Embedding) file.

By persuading users to open the file, hackers could then gain the same rights as the user, allowing criminals to install malware on the victim's computer.

"Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

"The attack requires user interaction to succeed on Windows clients with a default configuration, as User Account Control (UAC) is enabled and a consent prompt is displayed," the advisory stated.

Microsoft added that it is "aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint". The flaw is said to affect all supported versions of Windows including Windows Server 2008 and 2012.

Security experts said hackers are likely to employ phishing techniques to infect victims.

"This is not the first time that a vulnerability in OLE has been exploited by cybercriminals, however most previous OLE vulnerabilities have been limited to specific older versions of the Windows operating system," said Mark Sparshott, EMEA director at Proofpoint.

"What makes this vulnerability dangerous is that it affects the latest, fully-patched versions of Windows."

He added that while Microsoft and security vendors rush to close the security hole, "the best form of defence remains using the latest next generation detection technologies such as sandboxing at the email gateway to prevent the emails reaching users in the first place".

"Organisations not yet using advanced detection tools will need to fall back to notifying users and relying on them not to click the links and open files," he added.

Rene Millman
Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.