Contact Us Today! (215) 853-2266

Bardissi Enterprises Blog

Bardissi Enterprises has been serving the Hatfield area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Bardissi Enterprises: WatchGuard LiveSecurity Attackers Target Zero Day PowerPoint Vulnerability

Attackers Target Zero Day PowerPoint Vulnerability
Severity: High

3 April, 2009
Summary:
  • This vulnerability affects: All current versions of Microsoft PowerPoint for Windows and Mac computers (also affects PowerPoint Viewer and Office Compatibility Packs)
  • How an attacker exploits it: By enticing your users into opening a maliciously crafted PowerPoint presentation
  • Impact: An attacker can execute code on your computer, potentially gaining control of it
  • What to do: Implement the workarounds described in the Solution Path section of this alert
Attackers Target Zero Day PowerPoint Vulnerability
Severity: High

3 April, 2009
Summary:
  • This vulnerability affects: All current versions of Microsoft PowerPoint for Windows and Mac computers (also affects PowerPoint Viewer and Office Compatibility Packs)
  • How an attacker exploits it: By enticing your users into opening a maliciously crafted PowerPoint presentation
  • Impact: An attacker can execute code on your computer, potentially gaining control of it
  • What to do: Implement the workarounds described in the Solution Path section of this alert
Exposure:
Yesterday, Microsoft released a security advisory warning of a very critical unpatched PowerPoint vulnerability, which attackers have already begun exploiting on the Internet. The vulnerability affects all current versions of PowerPoint for Windows and Mac, as well as the Microsoft PowerPoint Viewer and the Office Compatibility Packs.

Since Microsoft just learned about this flaw, they don’t describe it in much technical detail. They only say that the flaw involves PowerPoint accessing an invalid object in memory. However, the advisory does tell how attackers can leverage the flaw. By enticing one of your users into downloading and opening a maliciously crafted PowerPoint document (.ppt), an attacker can exploit this vulnerability to execute code on a victim’s computer, usually inheriting that user’s level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user’s machine.

With attackers actively exploiting this vulnerability in the wild, it poses a significant threat to Microsoft Office and PowerPoint users. Microsoft hasn’t had time to patch the flaw yet, but they plan to in the near future. Until then, we recommend you implement the workarounds described below to mitigate the risk of this dangerous zero day attack.

Solution Path
Microsoft has not had time to release a patch for this zero day vulnerability. However, the workarounds described below should mitigate the risk of attacks currently circulating in the wild.
  • Inform your users of this vulnerability. Advise them to remain wary of unsolicited PowerPoint (.ppt) documents arriving via email. If they don’t absolutely need the document, and don’t trust the entity it came from, they should avoid opening it until Microsoft releases a patch.
  • Use up-to-date antivirus (AV) software. AV companies are sure to release signatures that detect these malicious PowerPoint files. Make sure to update your AV regularly.
  • Use the Microsoft Office Isolated Conversion Environment (MOICE) to open an untrusted PowerPoint document. MOICE is a Microsoft add on that provides a special environment which allows you to more securely open Word, Excel, and PowerPoint binary format files. For more details on using it, see the “Suggested Actions” section of Microsoft’s security advisory.
  • Use a gateway device, like your Firebox, to block PowerPoint files. If your users can’t download PowerPoint files, this exploit won’t affect them. Unfortunately, doing this blocks legitimate PowerPoint files as well. Nonetheless, depending on your business needs, you may still consider blocking PowerPoint files until Microsoft releases a patch.
We will update this alert when Microsoft releases a patch.

For All WatchGuard Users:
Many of WatchGuard’s Firebox models can block incoming PowerPoint files. However, most administrators prefer to allow these file types for business purposes. Nonetheless, if PowerPoint files are not absolutely necessary to your business, you may consider blocking them using the Firebox’s HTTP and SMTP proxy until Microsoft releases a fix for this vulnerability.

If you decide you want to block PowerPoint documents, follow the links below for video instructions on using your Firebox proxy’s content blocking features to block .ppt files by their file extension: Firebox X Edge running 10.x Firebox X Core and X Peak running Fireware 10.x Status:
Microsoft plans to release a patch for this vulnerability. Until then, implement the workarounds described above.

References:
Microsoft Security Advisory
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 23 December 2024
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Blog Archive

Recent Comments

Tip of the Week: Which Headphones are Right for Your Needs?
23 April 2018
I will recommend Plantronics Backbeat Pro 2 SE Noise cancelling Headset with it's Great features.
Gamification: Make Business Fun for Everyone
27 January 2017
The world is based on the games. There are many types of games as per the aussie essay writing servi...
Let's Talk Tablets
12 January 2017
The concept of tablet is far better than that of PC because you can bring them with you everywhere a...
Tip of the Week: Tweak Your Workday in These 4 Ways and See Major Results
12 January 2017
The only thing will I will say regarding this blog is that it is very helpful at least for me. As I ...
WatchGuard Releases Version 10.2.7 for WSM, Edge, Fireware, and Fireware Pro
23 December 2016
I really needed to know about the fireware but i was confused that where can i find information abou...