Microsoft Alerts About PowerPoint Vulnerability
According to an advisory written on Microsoft's Security TechCenter, the company discovered a crucial vulnerability in its PowerPoint product which affects almost all the Windows versions. The company also released a temporary fix named "OLE packagers shim around" that solves the issue.
The flaw is a zero-day vulnerability which allows hackers to obtain the same rights as the currently logged in Windows user and install their own programs on the infected computer. The good news is that it's not as easy as it seems: in order to exploit the vulnerability, the hacker will first need to convince the target to open a PowerPoint document which contains a malicious OLE object. More than likely, the victims will either be coaxed into opening a malicious document received via email, or tricked into visiting an infected website which spreads custom designed malware. With the exception of Windows Server 2003, all the other Windows versions are affected by this flaw.
In case you are worried, I wouldn't fret about it too much. Firstly, if you are not generally logging in to an administrator account on your Windows, then there is very little that a hacker can do with the newly gained privileges. Furthermore, in the eventuality of an attack, the UAC (User Account Control which is automatically enabled on all the Windows versions starting with Vista) would have popped out to prompt you before the infected file was executed.
Microsoft moved very fast and issued a fix to solve this situation. The OLE packagers shim around will work on PowerPoint 2007, PowerPoint 2010 and PowerPoint 2013 for both 32-bit and 64-bit versions.
Source: PCWorld
