Microsoft warns of Windows 0-day hack via PowerPoint

Slides and decks

Using Windows? Then be wary of PowerPoint files sent to you as they might be a doorway for hackers to take control of your computer.

Microsoft has issued a security advisory regarding a vulnerability in in its OLE (Object Linking and Embedding) feature that could allow a third-party to execute code remotely.

OLE has been a very useful feature available in Microsoft Office applications for nearly a quarter of a century now and allows you to bring a file within another (e.g. a video in a document).

While OLE-linked advisories have been issued in the past, what makes this one worthy of notice is the fact that it is unpatched and affects all versions of Windows bar Server 2003.

Not everyone however is convinced of its importance. Tripwire's Lamar Bailey reckons that it is not a major issue.

He added "The vulnerability is just an escalation of privilege issue and requires a watering hole attack and/or persuading the victim to open a file to exploit."

In other word, the target needs to do most of the leg work – and be gullible enough - in order for the trick to work.

If you don't open PowerPoint files from unknown sources and have UAC (User Account Control), then it's likely that you're not a risk.

ABOUT THE AUTHOR

Editor, TechRadar Pro

Désiré (Twitter, Google+) has been musing and writing about technology since 1997. Following an eight-year stint at ITProPortal.com where he discovered the joys of global techfests, developing an uncanny attraction for anything silicon, Désiré now heads up TechRadar Pro.