Microsoft warns of Windows zero-day; hackers serve exploits in PowerPoint files

[InfoSec News <alerts () infosecnews org>]

http://www.computerworld.com/article/2836722/microsoft-warns-of-windows-zero-day-hackers-serve-exploits-in-powerpoint-files.html

By Gregg Keizer
Computerworld
Oct 21, 2014

Microsoft on Tuesday warned Windows users that cyber criminals are 
exploiting a zero-day vulnerability using malicious PowerPoint documents 
sent as email attachments.

In an advisory, Microsoft outlined the bug and provided a one-click tool 
from its "Fixit" line that customers can use to protect their PCs until a 
patch is available.

Although Microsoft does not label its advisories with the same four-step 
threat scoring system it uses for security updates, it said that a 
successful exploit would let hackers hijack the PC so that they could, for 
example, steal information or plant other malware on the machine.

The vulnerability affects all versions of Windows, from the aged Windows 
Server 2003 to the very newest Windows 8.1, and is within the operating 
system's code that handles OLE (object linking and embedding) objects. OLE 
is most commonly used by Microsoft Office for embedding data from an Excel 
spreadsheet in, say, a Word document.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/