DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides Hackers are exploiting a zero-day vulnerability in Windows using malicious PowerPoint documents, Microsoft and security firms warn. An advisory from Microsoft warns that the as-yet-unpatched flaw is present in all supported versions of Windows except Windows Server 2003 and has already been abused in "limited, targeted attacks …
Should be though the related functionality might be missing. Then again OLE is such a fucked up implementation of applications as components that it probably won't be missed.
Then again LibreOffice has enough bugs of its own. I appreciate some of the things the devs are trying to do but I've binned it until it stops crashing so much. I find OpenOffice considerably more stable.
Well what is interesting is that MS are saying the vulnerability is in the way OLE is implemented in Windows (post XP/2003), rather than in Office itself. Hence I would assume that if you knew what the exploit was you could craft similar exploits in other OLE enabled applications.
Looking at the EMET settings given in the MS workaround, it looks as if the exploit makes use of Flash via OLE. Interestingly, when EMET 5.0 was released MS blocked this particular attack vector in Excel and Word but omitted the other Office programs, hence why Powerpoint is being mentioned...
An advisory from Microsoft warns that the as-yet-unpatched flaw is present in all supported versions of Windows except Windows Server 2003...
Which means that Windows XP is most likely not vulnerable, either. I wonder how many people will continue to use it until it achieves the status of too old to run current malware.
Nice one! I now have this vision of malware popping up a message:
Unsupported Windows Version! To run Steal All My Credentials (SAMC) V 7.0 and above you must upgrade to Windows 7.0 Service Pack 1, at minimum. SAMC V7 will now terminate, we apologize for the inconvenience
"I wonder how many people will continue to use [XP] until it achieves the status of too old to run current malware."
NT4 has reached such a sweet spot - it has gained a level of security via obscurity, while remaining somewhat usable. Of course it's not impenetrable against a determined attack, but most of the automated exploits wouldn't work against hardened NT, because expected features just aren't there. Widely known attack vectors have widely known mitigation techniques. No further patches forthcoming, ergo no new nasty surprises, just the old and toothless ones.
For XP it's harder to achieve. It has more attack surfaces that cannot be closed without breaking it. TinyXP seems to be as slim as it gets.
"... won't cough admin privileges to the hacker – at least not by itself. Attacks are likely to generate pop-up warnings and under default settings a User Access Control popup would get displayed."
Ohhh, you mean that "this program is requesting admin rights" pop up where everyone just clicks Yes when they see it?
Better grab a SCORPION STARE device and run like hell, because you're not supposed to actually implement Charlie Stross's books.
Next we'll be having PDFs that wake the Sleeper in the Pyramid... oh, wait. That would be the PeopleSoft HRMS schema documentation. So never mind then.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
