Microsoft recently released security advisory warning of specially crafted Microsoft Office files that can give an attacker the same user rights as the user that opens it. The vulnerability affects all currently supported releases of Microsoft Windows, excluding Windows Server 2003.
According to Microsoft’s Security TechCenter, the current files being used to attack users is a PowerPoint file, but it’s possible that any Microsoft Office file could be used for the attack. The attack is issued from an OLE (Object Linking and Embedding) component within the Microsoft Office files, meaning the files must be opened by the user for anything to happen. Microsoft’s suggestions for reducing the risk of attack include enabling User Account Control (UAC) so a prompt is issued before the OLE can do anything, lowering the user rights for your and others’ accounts, avoid downloading any Microsoft Office files from strange web sites, and opening Microsoft Office files in Protected View.
We’ve seen a recent resurgence in macro-based Office document attacks, and this vulnerability suggests another potentially issue. As with most attacks, one key preventative strategy is to be smart about the files you open and make sure they come from a trusted source. To learn more about the vulnerability, check out the link below.
Microsoft Security Advisory 3010060 [Microsoft Security TechCenter]
Comments
One response to “Watch Out For Suspicious Microsoft Office Files: They Could Be Malware”
Never open ANY suspicious file, is it really that hard?
Some jobs (like HR) where you open a lot of files from outside should have extra protection. Possibly something like a dedicated VM or just using something like sandboxie.