Microsoft has released a temporary fix for a new zero-day flaw, exploitable via PowerPoint, that affects nearly all versions of Windows.
The most recent flaw affects all Windows releases except Windows Server 2003. It can be exploited if a user opens a malicious Office file containing an OLE (object linking and embedding) object. A successful attacker would gain the same rights as the user and could install other programs on the infected computer.
The fix, which Microsoft calls the OLE packager shim workaround, is for 32- and 64-bit versions of PowerPoint 2007, 2010 and 2013.
Microsoft stated that attacks could take place in many ways and gave two possible examples: an attacker could send a malicious file by email, or could lure a person to a compromised website containing “specially crafted content.”
Depending on the privileges of the user, the User Account Control feature in Windows will display a consent prompt during an attack, before the malicious file is run.
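A triage sketch for files received by email, added here as an example and not taken from Microsoft's advisory: it lists the OLE objects an OOXML PowerPoint file (.pptx) declares, without opening the file in Office. The function names and the in-memory sample file are constructed for illustration; legacy binary .ppt files are not parsed.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
OLE_REL = OFFICE_REL + "oleObject"

def find_ole_objects(data):
    """Return [(source_part, target, is_external)]; None if data is not a ZIP container."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return None
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            # ppt/slides/_rels/slide1.xml.rels describes ppt/slides/slide1.xml
            base = posixpath.dirname(posixpath.dirname(name))
            source = posixpath.join(base, posixpath.basename(name)[:-len(".rels")])
            # Assumption: a production scanner would use a hardened XML parser here.
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("Type") != OLE_REL:
                    continue
                external = rel.get("TargetMode") == "External"  # linked, not embedded
                target = rel.get("Target", "")
                if not external:
                    target = posixpath.normpath(posixpath.join(base, target))
                found.append((source, target, external))
    return found

def build_sample_pptx():
    """Constructed sample: a minimal ZIP with one slide that embeds an OLE object."""
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="' + OLE_REL + '" Target="../embeddings/oleObject1.bin"/>'
        '<Relationship Id="rId2" Type="' + OFFICE_REL + 'slideLayout" Target="../slideLayouts/l1.xml"/>'
        '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ppt/slides/slide1.xml", "<sld/>")
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
        zf.writestr("ppt/embeddings/oleObject1.bin", b"constructed placeholder bytes")
    return buf.getvalue()

if __name__ == "__main__":
    for source, target, external in find_ole_objects(build_sample_pptx()):
        print(source, "->", target, "(linked)" if external else "(embedded)")
```

A non-empty result only means the file carries an OLE object, which is a reason to hold it for closer inspection, not proof that it is malicious.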
Earlier this month, on Patch Tuesday, Microsoft released eight security bulletins, which fixed three zero-day vulnerabilities at the same time, a rare occurrence.
So how do you fix this PowerPoint issue?
For now, you can use Microsoft’s Fix it option until Microsoft releases an official patch, which will affect personal computers and business systems. See Microsoft’s security advisory, “Vulnerability in Microsoft OLE Could Allow Remote Code Execution.” It is Microsoft’s technical bulletin addressing the full details of the PowerPoint security flaw, and it also contains all the details on how to fix it.