Windows 0-Day Exploited In Ongoing Attacks

An anonymous reader writes: Microsoft is warning users about a new Windows zero-day vulnerability that is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects. The vulnerability is currently being exploited via PowerPoint files. These specially crafted files contain a malicious OLE (Object Linking and Embedding) object. This is not the first time a vulnerability in OLE has been exploited by cybercriminals, however most previous OLE vulnerabilities have been limited to specific older versions of the Windows operating system. What makes this vulnerability dangerous is that it affects the latest fully patched versions of Windows.

Re:Definitely Users

[CauseBy]

It's a problem of false negatives. I've never been confronted with a UAC warning for which it was appropriate to say no. Never.

When 100% of past warnings were unnecessary people don't pay attention to warnings anymore. This isn't a problem with human behavior, this is a problem with the warnings. Warnings need to have a memorably high rate of indicating actual danger -- five or ten percent is enough. One in a million is not enough.

Windows is like the crazy guy on the corner who says "the end is near!" Yeah, sure, maybe this time he's right, but we've heard that false message too many times to even bother listening to it.

Libreoffice?

[BellyJelly]

Well, we mostly use Libreoffice at work. Are we vulnerable if we open a powerpoint file in Impress?