The latest weapon hackers are using to get into many versions of Windows are PowerPoint slides.
Microsoft issued a security advisory this week on a vulnerability affecting all supported versions of Windows except WinServer 2003. So far, Microsoft says, the delivery vehicle is PowerPoint, but it could be any Office file with a malicious OLE object. While PCs with User Account Control will display a prompt for the user to allow the operating system to be modified, if approved the deed is done.
“The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object.,” Microsoft warns. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”
Another possible attack method is via the Web, if an attacker delivered a user — perhaps by clicking a link in an email or SMS message — to hosted a Web site with a page that contains a specially crafted Office file with the OLE object. In all cases, however, an attacker would have no way to force users to visit these websites.
Security researcher Graham Cluley in a blog written for Lumension notes that Microsoft has a temporary fix for some PowerPoint versions. And users need to be warned not to open PowerPoints — or any other file — from unknown or untrusted sources. But, Cluley adds, that isn’t a substitute for a proper security patch.
At Computerworld U.S. Gregg Keizer said the vulnerability looks similar to one that Microsoft patched last week in its usual second Tuesday of the month fixes. He also drew attention to a blog from McAfee, which said that patch last week isn’t robust enough to shut the door on the Windows vulnerability.