A fresh zero-day flaw in Microsoft PowerPoint is being exploited, which has caused Microsoft to issue a warning.
In an advisory, Microsoft said that the vulnerability could allow remote code execution and affects all supported releases of Microsoft Windows, apart from Windows Server 2003. ”At this time, we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint,” it warned.
The vulnerability is in Microsoft Object Linking and Embedding (OLE), a technology that allows applications to share data and functionality, such as the ability to create and edit compound data.
Mark Sparshott, EMEA director at Proofpoint, said that OLE is legitimately used to display parts of a file within another file, for example to display a chart from an Excel Spreadsheet within a PowerPoint presentation.
“This is not the first time that a vulnerability in OLE has been exploited by cyber criminals, however most previous OLE vulnerabilities have been limited to specific older versions of the Windows operating system,” he said. “What makes this vulnerability dangerous is that it affects the latest fully patched versions of Windows.”
Lamar Bailey, director of security research and development at Tripwire, said that despite Vista, Windows RT, Server and 8 being vulnerable in parts, this was not a major issue.
“The vulnerability is just an escalation of privilege issue and requires a watering hole attack and/or persuading the victim to open a file to exploit,” he said. “If a user can be convinced via email, instant message, social media, or in some manner to open a PowerPoint attachment then the attacker will gain the same user rights as the current user.
“If the current user has the ability to install programs or access critical systems in the environment this could be used by attackers to gain a foothold in a network and the exploited system would be used as a base of attack.”