The opportunities for hackers and cybercriminals never seem to end.
Microsoft issued a warning this week on an unpatched zero-day vulnerability that threatens users of Windows PowerPoint. The issue comes on the heels of 3 critical zero-day vulnerabilities addressed in last week’s so-called “Patch Tuesday” advisories.
In this week’s advisory, Microsoft warns the vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office PowerPoint file that contains an OLE object. OLE (Object Linking and Embedding) allows a user to insert data from one file into another, such as a Paintbrush drawing into a PowerPoint file. The PowerPoint file can then be updated when the embedded object is updated in its own program.
An attacker who exploits the flaw could gain the same user rights as the current user, and would have full control over the computer if that user has administrative rights.
The vulnerability affects all supported releases of Microsoft Windows, except Windows Server 2003. Microsoft has not issued a fix at this time, but is expected to in the near future.
Microsoft warned that attackers might spread infected files from web sites, presumably via phishing scams where a user is tricked into visiting a malicious site. This is commonly done by sending emails that entice the reader to click on a link under false pretenses.
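As an added example (not from Microsoft's advisory or the original article), here is a triage check a defender could run on incoming presentations to list the OLE objects they carry. It assumes the OOXML (.pptx) package layout, where embedded objects sit under `ppt/embeddings/` and are referenced by `oleObject` relationships; the function names and the sample file are constructed for illustration.

```python
import io
import re
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound file signature
# OOXML relationship type that ties a slide to an embedded or linked OLE object
OLE_REL = re.compile(rb'<Relationship\b[^>]*Type="[^"]*/relationships/oleObject"[^>]*>')
TARGET = re.compile(rb'\bTarget="([^"]*)"')

def find_ole_objects(data: bytes) -> list:
    """Return one record per OLE object or OLE relationship in a presentation."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary .ppt: the file itself is an OLE container; not parsed here.
        return [{"part": "<file>", "kind": "legacy-ppt", "target": None}]
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if name.startswith("ppt/embeddings/"):
                with z.open(name) as f:
                    is_ole = f.read(8) == OLE_MAGIC
                found.append({"part": name, "target": None,
                              "kind": "embedded-ole" if is_ole else "embedded-package"})
            elif name.endswith(".rels"):
                for rel in OLE_REL.findall(z.read(name)):
                    m = TARGET.search(rel)
                    external = b'TargetMode="External"' in rel
                    found.append({"part": name,
                                  "kind": "linked-external" if external else "ole-relationship",
                                  "target": m.group(1).decode() if m else None})
    return found

def build_sample() -> bytes:
    """Constructed sample: a minimal zip with only the parts this check reads."""
    ns = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    rels = (f'<Relationships>'
            f'<Relationship Id="rId1" Type="{ns}/image" Target="../media/image1.png"/>'
            f'<Relationship Id="rId2" Type="{ns}/oleObject" Target="../embeddings/oleObject1.bin"/>'
            f'<Relationship Id="rId3" Type="{ns}/oleObject" Target="file:///C:/constructed/linked.xls" TargetMode="External"/>'
            f'</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
        z.writestr("ppt/embeddings/oleObject1.bin", OLE_MAGIC + b"\x00" * 504)
    return buf.getvalue()

if __name__ == "__main__":
    for record in find_ole_objects(build_sample()):
        print(record)
```

The output is an inventory of embedded and linked objects for deciding which files deserve closer inspection; an OLE object on its own does not indicate a malicious file.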
Last week, Microsoft issued security advisories that include 3 critical zero-day vulnerabilities, including one for the notorious “Sandworm” vulnerability in Windows. The vulnerability was identified by iSIGHT, a security firm specializing in intelligence and cyberwar issues. iSIGHT reports that the vulnerability impacts all versions of Microsoft Windows and has been identified in various Russian-based attacks targeting western interests including NATO, the European Union and critical infrastructure.
The second zero-day flaw could allow an attacker to circumvent the sandboxing capabilities in Internet Explorer. The third zero-day, from last week’s advisories, could allow an attacker to embed malicious code within a TrueType font. Attackers can use the fonts on web sites, where they will be downloaded and the malicious code automatically executed on an unwitting site visitor’s computer.
Comodo Internet Security and antivirus are designed especially to keep users safe from zero-day threats. Their unique Default Deny architecture with sandboxing ensures that the worst thing that can occur with malware is for the malicious program to run safely in a secure and isolated sandbox.