Microsoft warns on security flaws in Power Point Slides

Microsoft has warned Windows users about a zero-day security issue with malicious PowerPoint documents being emailed to recipients. The software giant is working on a patch for the problem.

Another Microsoft OLE security issue revealed...

The bad news is that the vulnerability affects all versions of Windows from Server 2003 to Windows 8.1. Perhaps worse, the flaw is buried in the code that handles OLE (object linking and embedding) calls, allowing one Microsoft application to directly call another.

Some researchers have pointed out that this zero-day is similar to one patched last week, when Microsoft issued no less than eight updates, including one (Sandworm) known to have been exploited in the wild, pending an update.  

Whilst it creates a patch, Microsoft has created an interim Fixit tool that, when applied, blocks the attacks seen so far. The tool can be downloaded on Microsoft's support pages.

Microsoft has also asked Windows users to pay attention to the User Account Control (UAC) pop-ups, the small alerts that require authorisation before the OS is allowed to perform certain tasks, such as downloading files or running software.

According to Steve Armstrong, technical security director with pen testing specialist Logically Secure, whilst the impact of a MS Zero day is bad, looking at the published workarounds suggests that users who enable UAC by default - and who do not have users with highly privileged accounts - can minimise the risks involved.

08 elements of Patch Tuesday