Saturday, November 1, 2014

HIGH RISK Windows bug exploited in the wild

Except for Windows Server 2003 all remaining versions of Microsoft Windows are susceptible to 0-day flaw found in the OLE (Object Linking and Embedding) technology that allows remote code execution on the victim's machine. OLE is used in the Microsoft Office applications to create and edit data in multiple formats. The company is also aware of targeted attacks which can be exploited by using PowerPoint documents. Due to this, Microsoft has come up with a workaround dubbed 'Fix it'. Microsoft gives credit to cyber security researchers Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team and Haifei Li and Bing Sun of the McAfee Security Team for finding and analyzing the vulnerability. Company also urged users to perform double-check before opening Office documents especially PowerPoint documents. <more>

No comments: