The OLE Packager is the component that is affected by the zero-day, which was discovered by researchers at McAfee and Google. Curiously the component was just patched this month in MS14-060, but Microsoft, in response to this latest flaw, has released a Fix It package for PowerPoint, and encouraged the use of EMET 5.0.
The most concerning things related to the Microsoft zero-day flaw is that it is already being exploited by threat actors in targeted attacks.
“The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” the advisory explained.”At this time, we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint.” confirming the voice that bad actors are already exploiting the zero-day in limited cases.
The OLE (Object Linking and Embedding) is a proprietary technology developed by Microsoft that allows embedding and linking to documents and other objects. As explained by the experts at Microsoft, the vulnerability in Microsoft OLE, coded as CVE-2014-6352, could allow remote code execution, this is possible if a Microsoft user opens a specially crafted Microsoft Office file that contains an OLE object.
The security advisory reports the following mitigation factors:
The principal problem is that despite the exploit of the flaw trigger a warning, users often ignore them, the issue appears very serious in corporate environments, where executives and remote users are often granted administrative rights on their systems.
(Security Affairs – Microsoft zero-day, hacking, OLE )