{"id":3816,"date":"2014-10-25T00:19:37","date_gmt":"2014-10-24T16:19:37","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3816"},"modified":"2015-09-09T19:36:44","modified_gmt":"2015-09-09T11:36:44","slug":"microsoft-zero-day-ole-vuln-exploited-powerpoint","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2014\/10\/microsoft-zero-day-ole-vuln-exploited-powerpoint\/","title":{"rendered":"Microsoft Zero Day OLE Vuln Being Exploited In Powerpoint"},"content":{"rendered":"

So the latest news is, don’t open any .ppt files if you aren’t entirely sure where they came from as there is a Microsoft Zero Day vulnerability in OLE (Object Linking and Embedding) handling in Microsoft Office that is currently being exploited in the wild by malicious Powerpoint slide decks.<\/p>\n

Not that anyone reading this would be likely to do that, but yah – just so you know this vector is live and being used out there.<\/p>\n

\"Microsoft<\/p>\n

It’s currently unpatched and it’s not clear right now if Microsoft is likely to release an out of band patch<\/a> for this or not. It is pretty serious and it is being used in the wild, so if history holds any precendence – it’s likely they will take action before the next scheduled Patch Tuesday<\/a> on November 11th.<\/p>\n

Hackers are exploiting a zero-day vulnerability in Windows using malicious PowerPoint documents, Microsoft and security firms warn.<\/p>\n

An advisory from Microsoft warns that the as-yet-unpatched flaw is present in all supported versions of Windows except Windows Server 2003 and has already been abused in “limited, targeted attacks”.<\/p>\n

The bug (CVE-2014-6352<\/a>) can be triggered by sending a specially crafted Microsoft Office files to intended targets before tricking them into opening the booby-trapped files. “Currently, attacks using PowerPoint files are known to exist, but all Office file types can be used to carry out this attack,” Jonathan Leopando, a technical communications staffer at Trend Micro, warns in a blog post.<\/p>\n

The specially crafted malicious files would contain a malicious Object Linking and Embedding (OLE) object, a technology used to share data between applications that allows a chart from an Excel Spreadsheet within a PowerPoint presentation, among other functions. Tricking a user into opening a malicious file results in an infected machine but won’t cough admin privileges to the hacker \u2013 at least not by itself. Attacks are likely to generate pop-up warnings and under default settings a User Access Control popup would get displayed.<\/p>\n

This means that user interaction would be needed to run successful attacks based on CVE-2014-6352 alone, an important limiting factor. Nonetheless the unpatched flaw is bad news for corporate security and a promising potential route into systems for cyberspies and the like. Redmond is investigating.<\/p><\/blockquote>\n