[ISN] Microsoft warns of Windows zero-day; hackers serve exploits in PowerPoint files

http://www.computerworld.com/article/2836722/microsoft-warns-of-windows-zero-day-hackers-serve-exploits-in-powerpoint-files.html By Gregg Keizer Computerworld Oct 21, 2014 Microsoft on Tuesday warned Windows users that cyber criminals are exploiting a zero-day vulnerability using malicious PowerPoint documents sent as email attachments. In an advisory, Microsoft outlined the bug and provided a one-click tool from its “Fixit” line that customers can use to protect their PCs until a patch is available. Although Microsoft does not label its advisories with the same four-step threat scoring system it uses for security updates, it said that a successful exploit would let hackers hijack the PC so that they could, for example, steal information or plant other malware on the machine. The vulnerability affects all versions of Windows, from the aged Windows Server 2003 to the very newest Windows 8.1, and is within the operating system’s code that handles OLE (object linking and embedding) objects. OLE is most commonly used by Microsoft Office for embedding data from an Excel spreadsheet in, say, a Word document. […]