From PC World: Microsoft has published a temporary fix for a new zero-day flaw that affects nearly all versions of Windows and is currently being exploited via PowerPoint.
The flaw affects all Windows releases except Windows Server 2003, the company wrote in an advisory Tuesday. It can be exploited if a user is coaxed into opening a malicious Office file containing an OLE (object linking and embedding) object. OLE can allow a user to edit a PowerPoint file from within a Word document, for example.
“At this time, we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint,” the company said.
A successful attacker would gain the same rights as a logged-in user and could put other programs on an infected computer. Microsoft said some attacks that compromise accounts without administrator rights may pose less of a risk.
The fix, which Microsoft calls the ”OLE packager shim workaround,” is for 32- and 64-bit versions of PowerPoint 2007, 2010 and 2013.
View: Article @ Source Site
