Olé! Finally, an interesting PowerPoint presentation

 In ITC's Threat of the Week

After years of boring everyone to tears, the worm has turned, PowerPoint has officially gone rogue. Power with a Point to prove, scary.

So scary in fact that Microsoft has released an advisory about a bug in the Object Linking and Embedding (OLE – see what we did there?) library – the code that sometimes (on your birthday maybe) lets you embed Excel Spreadsheets in PowerPoint spreadsheets and Word Documents hassle free.

Obviously this isn’t the first vulnerability against OLE, however this zero day is being exploited right now, in the wild. Attackers can run code on your machines at will at the same level of privilege as the exploited user (at least).

Microsoft has some recommended actions before they patch this issue, which will hopefully be on Patch Tuesday November the 11th.

These include a workaround and a recommendation to not open PowerPoint files from untrusted sources (like your boss). Additional workarounds include deploying User Account Control or the enhanced mitigation experience toolkit, which seem severely onerous in an Enterprise environment.

Full details can be found here: https://technet.microsoft.com/library/security/3010060

Whilst we fully support workarounds and patching as much as the next security company, we have a number of strategies to help you identify actually what is running on machines connected to your network in real time and report, alert and take action if required.

For instance we can identify unpatched machines connected to specific (high value/low value or remote) parts of your environment and can move them to a more protected zone until they are remediated.

We can build rules into our NetSure360° managed security platform that identify these users and keep tabs on their machines, only taking action if erroneous activity is detected and then, and only then excluding them immediately.

If you would like a demonstration of our integrated security solutions which can provide you with immediate risk identification and mitigation value, please contact us on: 020 7517 3900 or email sales@itcsecure.com

Author: Kevin Whelan

Recent Posts

Leave a Comment