Windows 0-Day Exploited In Ongoing Attacks

← Back to Stories (view on slashdot.org)

Windows 0-Day Exploited In Ongoing Attacks

Posted by Soulskill on Wednesday October 22, 2014 @02:23AM from the gift-that-keeps-on-giving dept.

An anonymous reader writes: Microsoft is warning users about a new Windows zero-day vulnerability that is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects. The vulnerability is currently being exploited via PowerPoint files. These specially crafted files contain a malicious OLE (Object Linking and Embedding) object. This is not the first time a vulnerability in OLE has been exploited by cybercriminals, however most previous OLE vulnerabilities have been limited to specific older versions of the Windows operating system. What makes this vulnerability dangerous is that it affects the latest fully patched versions of Windows.

8 of 114 comments (clear)

Min score:

Reason:

Sort:

Re:Only for root users by fisted · 2014-10-22 02:29 · Score: 4, Insightful

You do know the common way for users to deal with UAC prompts, right?

--
CLI paste? paste.pr0.tips!
Re:Only for root users by afidel · 2014-10-22 02:34 · Score: 4, Insightful

Yes, but in a well managed environment users won't get a UAC prompt because they won't be local admins, if the folks you've trusted enough to grant local admin to are still dumb enough to click ok to a UAC prompt when opening an Office file then there's literally no security system that will help you.

--
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Re:Damn linux by 93+Escort+Wagon · 2014-10-22 02:57 · Score: 3, Insightful

It's mildly funny that Server 2003 doesn't have this bug, and also was the last Windows Server that still used some Unix/BSD code.
(No, I'm not claiming a causal relationship...)

--
#DeleteChrome
Windows = Job Security by __aaclcg7560 · 2014-10-22 03:23 · Score: 4, Insightful

If you're a security remediation specialist for the I.T. department, Windows is job security as these problems will never go away.
1. Re:Windows = Job Security by Anonymous Coward · 2014-10-22 03:38 · Score: 2, Insightful
  
  Do you know any OS that is free of bugs and security risks, including users?
Re: Only for root users by parkinglot777 · 2014-10-22 03:25 · Score: 3, Insightful

I think even most casual users will wake up and cancel the request
This actually makes me laugh :P Sadly, a casual user is not as logical as you think.
Re: Yikes by neilo_1701D · 2014-10-22 03:44 · Score: 4, Insightful

... and if the one rendering engine was used, the moment an exploit becomes available, all systems are vulnerable. Haven't we learned about the dangers of monocultures yet?
Re:Wait one cotton pickin' minute by neilo_1701D · 2014-10-22 03:50 · Score: 4, Insightful

Visio charts, Project Gantt charts, Excel charts... it's actually a very useful technology, especially if you're pulling data from a live source (eg. query data into Excel, which generates charts). Much easier than querying the data in Excel, updating the graph, exporting (or copying) the graph as PNG then updating the PowerPoint.