Many of us know not to click random links that are sent in emails or on Facebook, but now we’re being warned to be on our guard against dangerous files, too. Microsoft has discovered a vulnerability in its Office software that affects every version of Windows, except Windows Server 2003.
And hackers are already exploiting the flaw to trick people into opening infected files and taking over their entire computer.
n an official advisory notice, Microsoft said it is ‘aware of a vulnerability affecting all supported releases of Microsoft Windows.
‘The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object.’
OLE (Object Linking and Embedding) is a technology that allows applications to share data and functionality.
An attacker who successfully takes advantage of this vulnerability could gain the same user rights as the current user on any targeted computer.
It affects all supported versions of Microsoft Windows, which includes Windows Vista, Windows Server 2008, Windows 7, Windows 8, Windows Server 2012, and Windows RT.
Windows XP is no longer supported – which means that when Microsoft issues updates, users running this operating system don’t receive them – however, that doesn’t mean it is safe from attack.
The current Office flaw is already being exploited in a number of ‘limited, targeted attacks’ in which infected Microsoft PowerPoint files are being sent over email.
However, in theory, any Office file is at risk, including Word documents and Excel spreadsheets.
Microsoft has issued a temporary fix that users can install to protect themselves ahead of a wider security update.
t is also advising people not to open unidentified files.
The attack can also only be launched if a user consents to opening the file, and users are advised to enable User Account Control (UAC), where possible, to be prompted before opening links and files.
Jonathan Leopando from security firm TrendMicro said: ‘Currently, Microsoft has not indicated whether a patch to solve this issue will be sent outside of the regular Patch Tuesday cycle.
Until more definitive information becomes available, we advise users to be careful about opening Office documents that they have been sent, particularly if they come from parties that have not sent you documents beforehand.’
Mailonline
UM– USEKE.RW
