Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Thursday, 8 June, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Microsoft acknowledges exploits of zero-day flaw

by The Gurus
October 22, 2014
in Editor's News
Share on FacebookShare on Twitter

A fresh zero-day flaw in Microsoft PowerPoint is being exploited, which has caused Microsoft to issue a warning.
 
In an advisory, Microsoft said that the vulnerability could allow remote code execution and affects all supported releases of Microsoft Windows, apart from Windows Server 2003. ”At this time, we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint,” it warned.
 
The vulnerability is in Microsoft Object Linking and Embedding (OLE), a technology that allows applications to share data and functionality, such as the ability to create and edit compound data.
 
Mark Sparshott, EMEA director at Proofpoint, said that OLE is legitimately used to display parts of a file within another file, for example to display a chart from an Excel Spreadsheet within a PowerPoint presentation.
 
“This is not the first time that a vulnerability in OLE has been exploited by cyber criminals, however most previous OLE vulnerabilities have been limited to specific older versions of the Windows operating system,” he said. “What makes this vulnerability dangerous is that it affects the latest fully patched versions of Windows.”
 
Lamar Bailey, director of security research and development at Tripwire, said that despite Vista, Windows RT, Server and 8 being vulnerable in parts, this was not a major issue.
 
“The vulnerability is just an escalation of privilege issue and requires a watering hole attack and/or persuading the victim to open a file to exploit,” he said. “If a user can be convinced via email, instant message, social media, or in some manner to open a PowerPoint attachment then the attacker will gain the same user rights as the current user.
 
“If the current user has the ability to install programs or access critical systems in the environment this could be used by attackers to gain a foothold in a network and the exploited system would be used as a base of attack.”

FacebookTweetLinkedIn
Tags: FlawMicrosoftVulnerabilityZero-Day Flaw
ShareTweet
Previous Post

Good Technology completes acquisition of Macheen

Next Post

Facebook deploys credential analysis tool to protect users

Recent News

large open office, bright.

Employees Feel 10 Times Calmer in an Environmentally Friendly Office Space

June 7, 2023
Blue Logo OUTPOST24

Outpost24 Acquires EASM Provider Sweepatic

June 7, 2023
Standard post, logos of brands, headshot.

J Brand: The Challenges of Putting Mental Health First in an Unfamiliar Industry

June 6, 2023
iPad with Anxiety written on it in capitals.

Half of UK Employees Suffer From “Sunday Scaries”

June 6, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information