On Tuesday Microsoft disclosed, in a Security Advisory, a Windows OLE zero-day remote code execution (RCE) vulnerability that is being exploited through PowerPoint, and released a temporary fix rather than a full patch.
The vulnerability affects all supported Windows versions except Windows Server 2003, and it is currently being exploited via malicious Office files that contain OLE (Object Linking and Embedding) objects.
“The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object,” the advisory stated.
“At this time, we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint.”
OLE lets one document embed, or link to, content created by another application and edit that content in place; for example, a PowerPoint object embedded in a Word document can be edited from within Word.
If exploited, the flaw lets the attacker run code with the same rights as the logged-on user and use that foothold to infect the system further. Accounts with fewer rights than an administrator therefore limit the damage: code running as a standard user cannot make the system-wide changes an administrator can.
Phishing and social engineering remain the favored delivery methods for this kind of zero-day. The attack can arrive as an email with a malicious attachment, or as a link that sends the victim to a web site hosting “specially crafted content” that serves the file.
“An attacker would have to persuade the targeted user to visit the website, typically by getting them to click a hyperlink that directs a web browser to the attacker-controlled website.”
The recommended workarounds, for both 32-bit and x64 Windows editions, are applying the fix dubbed “OLE packager Shim Workaround”, not opening PowerPoint files received from untrusted sources, and keeping User Account Control (UAC) enabled, which forces a consent or credential prompt before anything running in the user's session can gain administrative rights.
Microsoft also suggested deploying the Enhanced Mitigation Experience Toolkit (EMET) and configuring its Attack Surface Reduction feature, as described in the advisory.
Users should also keep antivirus software installed and up to date, and keep their operating systems patched with the latest updates.
The news comes just one week after Microsoft's October Security Bulletin, which itself covered three zero-day flaws.
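Since the attack depends on an Office file carrying an embedded OLE object, a quick triage step is to look for such objects before a file from an untrusted source is opened. The script below is an added example written for this article, not code from Microsoft or Bitdefender. It relies on two facts about the formats: modern Office files (.pptx, .docx, .xlsx) are zip packages in which embedded objects sit under an embeddings/ folder, and an OLE object is an OLE2 compound file that starts with the 8-byte header D0 CF 11 E0 A1 B1 1A E1. The legacy binary formats (.ppt, .doc) are themselves compound files, so the script only flags those for deeper inspection. The sample package is constructed inline and is not a real malicious document.

```python
import io
import zipfile
from typing import List, Tuple

# OLE2 compound-file header; every embedded OLE object (and every legacy .ppt/.doc) begins with it.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def find_embedded_ole(package: bytes) -> List[Tuple[str, bool]]:
    """List the parts under */embeddings/ in an OOXML zip package.

    Returns (part name, True if the part is an OLE2 compound file). Other
    parts under embeddings/ (e.g. plain PDFs or images) come back as False.
    """
    results = []
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        for name in z.namelist():
            if "/embeddings/" in name and not name.endswith("/"):
                head = z.read(name)[:8]
                results.append((name, head == OLE_MAGIC))
    return results


def triage(data: bytes) -> str:
    """Classify a file before it is opened in Office."""
    if data[:8] == OLE_MAGIC:
        # Legacy binary format: the whole file is one compound file, so the
        # embedded-object check needs a CFB parser rather than a zip walk.
        return "legacy binary Office format: inspect streams with a CFB parser"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not an Office package"
    hits = find_embedded_ole(data)
    if any(is_ole for _, is_ole in hits):
        return "REVIEW: embedded OLE object(s) present"
    return "no embedded OLE objects"


def build_sample_pptx(embed_ole: bool) -> bytes:
    """Construct a toy .pptx-shaped zip (sample input, not a real document).

    With embed_ole=True it contains ppt/embeddings/oleObject1.bin carrying the
    OLE2 header, mirroring where PowerPoint stores an embedded object.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/slides/slide1.xml", "<p:sld/>")
        if embed_ole:
            # 512-byte header sector: magic followed by zeroed fields.
            z.writestr("ppt/embeddings/oleObject1.bin", OLE_MAGIC + b"\x00" * 504)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [
        ("clean deck", build_sample_pptx(False)),
        ("deck with OLE object", build_sample_pptx(True)),
        ("legacy .ppt", OLE_MAGIC + b"\x00" * 504),
    ]:
        print(f"{label}: {triage(blob)}")
```

The check is a triage signal, not a verdict: legitimate decks embed OLE objects too, and an attacker can also deliver the object through a legacy .ppt, which is why that case is handed off to a proper compound-file parser rather than declared clean.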
Still the youngest Bitdefender News writer, Lucian is constantly after flash news in the security industry, especially when something is vulnerable or exploited.