In what can be easily termed as one of the most alarming bugs, ever discovered in Microsoft’s OLE (of which the company is aware), a vulnerability discovered recently, could allow an attacker to take full control of your entire system. Don’t panic, here’s all you should know :
- The bug can affect almost any version of Windows, including Windows Vista, Windows Server 2008, Windows 7, Windows 8, Windows Server 2012, and Windows RT. XP users releived ? Well, you shouldn’t be. XP isn’t listed as Microsoft no more provides updates for the same. The bug can attack XP as well.
- The bug has been discovered in Microsoft Powerpoint. If you ever come across any strange powerpoint presentation (or any file for that matter), which asks for permissions to open, DO NOT download or open it.
- This bug, if fully exploited by an attacker, could handle your entire system to the attacker. You’ll have no control over your system, whatsoever.
- The bug gives the attacker the same rights, as the ones enjoyed by the currently logged in user. So, for example you are logged in as admin, the attacker will enjoy all admin privileges and will hence be able to do functions like code changes, managing user rights etc.
- Microsoft says that hacked presentations e-mailed to users and hacked presentations sitting on the web are potentially dangerous. So what can you do about it ? Just DO NOT download any strange presentations (ever).
Though the bug, if fully exploited, could be alarmingly dangerous, certain minimal precautions will easily keep you safe. Here’s what you need to do :
- As we have been repeating and stressing, DO NOT download any presentations from the internet, until and unless they are extremely trustworthy or urgent.
- If your Windows build has an user account control as an option, enable it. This won’t fix anything, but will guard you against possible threat, by popping up an administrative permissions message.
- Download the security patch issued by Microsoft from here, until and unless a full security update is not available.
And as for the seriousness of the bug, here are Microsoft’s own words on the same :
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Microsoft has also admitted that till now, it has seen “limited targeted attacks” that attempt to exploit the vulnerability through Microsoft PowerPoint. So, follow our instructions, play it safe.