A new zero-day flaw has been actively exploited by cyber-criminals, targeting primarily users on workstations and servers who open files with embedded OLE (Object Linking and Embedding) objects. At the moment, the vulnerability is exploited via PowerPoint files.
OLE objects in this particular case are used to display an Excel Sheet chart within a PowerPoint presentation. Experts explain that OLE vulnerabilities are often misused by cyber criminals for malicious practices, but this particular one is especially threatening, because it affects the latest fully patched Windows versions.
The OLE Vulnerability Exploited in Different Attacks
The flaw can be exploited only with the user’s interaction. In a hypothetical email attack, the malicious file would be attached to the message in a convincing manner so the user would open the OLE containing file, which can be any kind of Microsoft Office file or other third party file types.
In a hypothetical web-based attack, the hackers would create a webpage that contains the malicious PowerPoint or Microsoft Office file to exploit the flaw. Malicious websites or ones that host content provided by users could include specifically designed content that exploits the vulnerability. For this scenario, the hackers would have to convince the user to visit the webpage through the use of a hyperlink that would redirect the victim to the malicious page.
In case of a successful attack the cyber criminals would gain administrative rights over the compromised machine and be able to access, delete or modify data, install programs or create different accounts.
No Patches Available Yet
Microsoft is still working on the matter. So far the company is considering two options – to wait till the next Patch Tuesday in order to plug the hole or to issue and out-of-band patch.
There are a few thing users could do to block known attack vectors:
- Implement a certain Fix It solution (click for instructions here).
- Avoid opening Microsoft Office or PowerPoint files from unknown or potentially unsafe sources.
- Do not download email attachments they are not expecting.
Security vendors are doing their best to close the security hole but until then, hackers will keep on exploiting it for malicious purposes. Yet, the most effective defense mechanism in such cases remains the use of the latest detection technologies.
