Microsoft has warned Windows users about a zero-day security issue with malicious PowerPoint documents being emailed to recipients. The software giant is working on a patch for the problem.
Another Microsoft OLE security issue revealed...
Some researchers have pointed out that this zero-day is similar to one patched last week, when Microsoft issued no fewer than eight updates, including one for a flaw (Sandworm) known to have been exploited in the wild pending an update.
Whilst it prepares a patch, Microsoft has created an interim Fixit tool that, when applied, blocks the attacks seen so far. The tool can be downloaded from Microsoft's support pages.
Microsoft has also asked Windows users to pay attention to the User Account Control (UAC) pop-ups, the small alerts that require authorisation before the OS is allowed to perform certain tasks, such as downloading files or running software.
According to Steve Armstrong, technical security director with pen testing specialist Logically Secure, whilst the impact of an MS zero-day is bad, looking at the published workarounds suggests that users who enable UAC by default - and who do not have users with highly privileged accounts - can minimise the risks involved.