Microsoft Office PowerPoint Vulnerable to Zero-day Attack

Tech Giant Microsoft announced a new zero-day vulnerability that affects all versions of windows operating systems except Windows server 2003. According to an advisory issued by Microsoft, the vulnerability allows the hacker to gain full administrative rights to your system.

The vulnerability codenamed CVE-2014-6352, is within the operating systems code for handling OLE (object Linking and embedding). Basically Ole is a technology that enables application to share data in different formats. For instance OLE allows a user to edit and Excel spreadsheet in a word document.

“The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” the advisory

Microsoft issued a temporary patch named ”OLE packager shim workaround ” for 32- and 64-bit versions of PowerPoint 2007, 2010 and 2013, in an effort to quell reported attacks. “At this time, we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint,” stated the advisory.

According to the advisory, the attacker can exploit the vulnerability by sending a malicious file through email or instant messaging. Likewise, the attacker will trick the user into clicking links that directs the user to websites with “specially crafted office file” that contain malicious OLE objects. “An attacker would have to persuade the targeted user to visit the website, typically by getting them to click a hyperlink that directs a web browser to the attacker-controlled website,” Microsoft wrote.

More importantly, giving the hacker the rights as the current users exposes the victim to an array of computer frauds. For instance if the current user is logged on the system administrator, the attacker will take full control of the system giving him access to sensitive information.

Although Microsoft did not give an explicit date of releasing the Patch for the Zero- day vulnerability, there are various mitigation option available to the users. First it is advisable to open all files from the internet using protected view which is usually enabled by default. Microsoft also advised users to limit their system administrative rights if necessary. “Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”

Other mitigation strategies include paying attention to User Accounts Control alerts pop-ups. UAC are small alerts that require authorization before the operating system can run a software or download certain files. Some UAC alerts require authorization from the system administrator.

According to Microsoft the UAC authorizations alerts will detected the infected OLE objects and will not run the malicious files with prompting the authority of the user. “In observed attacks, User Account Control (UAC) displays a consent prompt or an elevation prompt, depending on the privileges of the current user, before a file containing the exploit is executed,” Microsoft’s advisory states.

Last month Microsoft issued released a patch for similar Zero-day vulnerability in all supported versions of Microsoft Windows and Windows Server 2008 and 2012. The flaw discovered by researchers at iSight Partners was reportedly exploited by Russian hackers to target Ukrainian government agencies, NATO computers, Western European government agencies and companies in the telecommunications and energy sectors.

Lawrence Mwangi Lawrence is a technology and business reporter. He has freelanced for a number of tech sites and magazines. He is a web-enthusiast, with a special interest in Online security, Entrepreneurship and Innovation. When not writing about tech he can be found in a Tennis court or on a chess board.
Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.