Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows 0-Day Exploited In Ongoing Attacks

Posted by Soulskill on from the gift-that-keeps-on-giving dept.

An anonymous reader writes: Microsoft is warning users about a new Windows zero-day vulnerability that is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects. The vulnerability is currently being exploited via PowerPoint files. These specially crafted files contain a malicious OLE (Object Linking and Embedding) object. This is not the first time a vulnerability in OLE has been exploited by cybercriminals, however most previous OLE vulnerabilities have been limited to specific older versions of the Windows operating system. What makes this vulnerability dangerous is that it affects the latest fully patched versions of Windows.

4 of 114 comments (clear)

  1. Damn linux by ruir · · Score: 4, Funny

    Linux is not good, damn full of bugs, heartbleed, shellsock and now THIS!!! Crap, wait, I must have made some mistake ;)

  2. Oh Microsoft Windows... by technomom · · Score: 3, Funny

    ....Don't ever change you magnificant bastard.

  3. Don't worry, I have a slideshow explaining this! by Grantbridge · · Score: 4, Funny

    Just download this handy powerpoint slideshow and I think you'll find it explains how this attacks works in perfect detail...

  4. Re:Definitely Users by Zalbik · · Score: 4, Funny

    It's a problem of false negatives. I've never been confronted with a UAC warning for which it was appropriate to say no. Never.

    Well, then you should take a look at the attached powerpoint presentation! It gives an in-depth analysis of exactly why you should be careful when answering "Yes" to UAC prompts.