Microsoft has seen no end to the recent run of Windows zero-days: the company patched three more actively exploited zero-day vulnerabilities this week, and now another zero-day vulnerability has been disclosed that affects all versions of the Windows operating system, excluding Windows Server 2003.
Microsoft has just issued a security advisory for the recent zero-day targeting Microsoft PowerPoint, which is being actively exploited. The company has issued a temporary security fix for the vulnerability and has confirmed that hackers are abusing it through PowerPoint documents in email attachments.
According to Microsoft’s Security Advisory published Tuesday, the zero-day vulnerability (CVE-2014-6352) resides within the operating system’s code that handles object linking and embedding (OLE) objects. OLE is commonly used by Microsoft Office for embedding data from other products, such as an Excel spreadsheet in a Word document.
The vulnerability is triggered when a user opens a PowerPoint file that contains a malicious Object Linking and Embedding (OLE) object. Microsoft said hackers are abusing only PowerPoint files to carry out the attack, but any Office file type can be used to carry out the same attack.
“The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” the advisory explained.
An attacker who successfully runs the exploit on a victim’s computer gains the same rights as the logged-in user, which could allow the attacker to install other malicious programs on it. According to Microsoft’s security team, attackers who compromise accounts without administrator access pose less of a risk.
Microsoft has released a Fix it solution, “OLE packager Shim Workaround”, which will stop known PowerPoint attacks. The workaround does not stop other, unknown attacks that might be able to exploit the zero-day vulnerability. Also, the Fix it is not currently available for 64-bit editions of PowerPoint on x64-based or 64-bit editions of Windows 8 and Windows 8.1.
The tech giant has also urged Windows users to stay alert to the User Account Control (UAC) prompt, a pop-up alert that requires authorization before the operating system allows the computer to perform or execute various tasks. Microsoft says the prompt could warn a user when the exploit is about to trigger, because it asks the user for permission to execute. Users often see the prompt as a hassle or an inconvenience and, out of habit, click OK or Allow without a second thought.
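Because the Fix it only stops known PowerPoint attacks, a mail gateway or analyst may want to see which incoming Office attachments carry embedded OLE objects at all. The following is an added triage example, not code from Microsoft or from the advisory: it inventories embedded-object parts in OOXML files (.pptx, .docx, .xlsx) and flags Packager-style objects with a byte-search heuristic. It does not detect the exploit itself, and the function names and sample bytes are constructed for illustration.

```python
import io
import zipfile

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE compound file signature
# Stream name of Packager-style objects, as stored (UTF-16LE) in a compound file directory.
OLE10NATIVE = "\x01Ole10Native".encode("utf-16-le")
EMBED_DIRS = ("ppt/embeddings/", "word/embeddings/", "xl/embeddings/")


def list_ole_objects(data):
    """Return one record per embedded-object part found in an OOXML Office file."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not OOXML (e.g. legacy binary .ppt); out of scope here
    with archive:
        for info in archive.infolist():
            if info.is_dir() or not info.filename.lower().startswith(EMBED_DIRS):
                continue
            blob = archive.read(info)
            findings.append({
                "part": info.filename,
                "size": len(blob),
                "is_ole": blob.startswith(CFB_MAGIC),
                "packager": OLE10NATIVE in blob,  # heuristic byte search, not a full parse
            })
    return findings


def build_sample_pptx(embedded=None):
    """Constructed sample: a minimal zip shaped like a .pptx, not a valid presentation."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/presentation.xml", "<p:presentation/>")
        if embedded is not None:
            z.writestr("ppt/embeddings/oleObject1.bin", embedded)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed bytes that only imitate the markers the scanner looks for.
    fake_ole = CFB_MAGIC + b"\x00" * 64 + OLE10NATIVE + b"\x00" * 64
    for label, doc in (("embedded", build_sample_pptx(fake_ole)), ("clean", build_sample_pptx())):
        print(label, list_ole_objects(doc))
```

Embedded OLE objects are common in legitimate documents, so treat a hit as a reason to hold or inspect an unexpected attachment rather than as proof of compromise.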
“In observed attacks, User Account Control (UAC) displays a consent prompt or an elevation prompt, depending on the privileges of the current user, before a file containing the exploit is executed,” Microsoft’s advisory states.
Sources have said there are no third-party or out-of-band patches available, nor did they mention whether a patch will be available for Microsoft’s Patch Tuesday coming in November.
Microsoft has had a variety of issues with zero-day vulnerabilities this month and in recent days. Recently the company patched a vulnerability that had been exploited for five years by the Russian Sandworm APT gang. Also, yesterday the company had to pull a faulty SHA-2 patch that was giving users errors.
Microsoft has been quick to respond to the security issues and offer permanent as well as temporary workarounds for ongoing exploits.