{"id":3816,"date":"2014-10-25T00:19:37","date_gmt":"2014-10-24T16:19:37","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3816"},"modified":"2015-09-09T19:36:44","modified_gmt":"2015-09-09T11:36:44","slug":"microsoft-zero-day-ole-vuln-exploited-powerpoint","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2014\/10\/microsoft-zero-day-ole-vuln-exploited-powerpoint\/","title":{"rendered":"Microsoft Zero Day OLE Vuln Being Exploited In Powerpoint"},"content":{"rendered":"
So the latest news is, don’t open any .ppt files if you aren’t entirely sure where they came from as there is a Microsoft Zero Day vulnerability in OLE (Object Linking and Embedding) handling in Microsoft Office that is currently being exploited in the wild by malicious Powerpoint slide decks.<\/p>\n
Not that anyone reading this would be likely to do that, but yah – just so you know this vector is live and being used out there.<\/p>\n
<\/p>\n
It’s currently unpatched and it’s not clear right now if Microsoft is likely to release an out of band patch<\/a> for this or not. It is pretty serious and it is being used in the wild, so if history holds any precendence – it’s likely they will take action before the next scheduled Patch Tuesday<\/a> on November 11th.<\/p>\n Hackers are exploiting a zero-day vulnerability in Windows using malicious PowerPoint documents, Microsoft and security firms warn.<\/p>\n An advisory from Microsoft warns that the as-yet-unpatched flaw is present in all supported versions of Windows except Windows Server 2003 and has already been abused in “limited, targeted attacks”.<\/p>\n