Fixes released for a serious Microsoft Office zero-day flaw
Briefly

"The vulnerability is serious," said Johannes Ullrich, dean of research at the SANS Institute. "The root cause is that Microsoft Office still supports the older OLE document format, which provides access to various OLE components. The effect is similar to what an attacker could do with Office Macros. But Office Macros are typically blocked for documents downloaded from the internet. Microsoft implemented similar protections for OLE components, but this recent exploit found a way to bypass them."
Despite efforts by Microsoft and email gateway vendors, emails with malicious attachments are still a significant attack vector, he added.
A Microsoft Office security bypass zero-day can be triggered simply by opening a document and is currently being actively exploited. The underlying cause is legacy support for the older OLE document format, which exposes various OLE components. The exploit achieves effects similar to malicious Office macros but circumvents protections that normally block macros for files downloaded from the internet. Microsoft implemented protections for OLE components, but the exploit bypasses those safeguards. Email attachments remain a significant attack vector despite protections from Microsoft and email gateway vendors.
Read at Computerworld