The New Stuff


Microsoft Spots New Vulnerability in Microsoft Office – Your PC may be at Risk

Heads up! In what feels like a throwback to the late 90s/early 2000’s, Microsoft has discovered one helluva bug in Microsoft Office. Executed properly, the bug could be exploited to take over your entire system running just about any version of Windows.

You can find Microsoft’s full disclosure on the bug here, but here’s the bulk of what you should know:

  • This bug is being exploited in the wild, though Microsoft only knows of “limited, targeted attacks” so far
  • It affects Windows Vista, Windows Server 2008, Windows 7, Windows 8, Windows Server 2012, and Windows RT. XP isn’t mentioned as Microsoft no longer supports it — but yeah, it’s probably affected too.
  • If executed properly, the exploit gives the attacker the same permissions on your system as whatever type of user you’re currently logged in as. If you’re an admin, that means full admin rights — code execution, app installs, etc.
  • If you have Window’s User Account Control feature enabled, it’ll throw up a prompt asking if the file is okay to execute. If you aren’t 100% sure that the file is legit, avoid doing so.
  • The bug is part of PowerPoint’s OLE system, which lets you embed things like spreadsheets into a presentation. It’s supposed to be fairly well sandboxed; alas, it looks like someone found a gap.
  • Microsoft says that hacked presentations e-mailed to users and hacked presentations sitting on the web are potentially dangerous. The short version: avoid all but the most-trusted PowerPoint presentations right now.

So just how gnarly is this bug? Says Microsoft (emphasis ours):

An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

But should you panic?

Nah. Do a few things things, and you should be safe:
1) Play it smart about what presentations you open
2) If you’re on a build of Windows that has User Account Control as an option, enable it (it should be on by default, in most cases.) This won’t fix the bug outright, but it’ll throw up a big permissions prompt that’ll remind you not to open mystery files.
3) Check out this advisory page from Microsoft, which offers up a temporary patch until Microsoft finalizes a security update.

The following two tabs change content below.

Ebenezer Obasi

Senior executive editor at EwtNet
A web developer, IT undergrad, terrible entrepreneur, internet freak and a man of a few other incongruous talents, Ebenezer has been writing on technology since 2012, and plans to do so until a few days before his ultimate fate: cryogenic preservation. If resurrected, he is likely to go back to writing on technology.

Recieve Free Email Updates!

Subscribe to get new updates instantly delivered to your inbox. Select the specific category you want to recieve updates on and enter your email address below.

*A confirmation message will be sent to you, login to your e-mail account and click on the confirmation link to start enjoying this service.

Get the latest news on your Android mobile, Download our Android App

Recently Published


Awale, Backgammon and 1 other Game Technology has transformed

From time memorial, man has indulged himself into seeking ...

YouTube's demonetization aftermath

YouTube’s demonetization finally recognized; popular creators mad

YouTube (the behemoth video website and subsidiary of Google [GOOG]) ...


Why Pokemon GO Falls Short

Pokemon GO is a augmented reality mobile game that released (without ...

Playstation Plus

SONY announces increase in PS+ Pricing. How will this affect the service?

credit: Just when many PS+ members already felt let ...


Plan your Week Ahead: 7 Must Have Android Applications for the Week

Happy Sunday to all EWT readers! This is the 7th month of the ...

MTN Tariff Plans

MTN Tariff Plans – Latest Compilation of MTN Tariff Plans and Activation Code

Life with MTN can be a bit tricky. One day you get a notification to ...


Airtel Data Plans and Subscription Codes – Android, BlackBerry and Mega Data Bundle with SmartSPEEDOO

Compilation of the latest Airtel data plans for PC, Android, iOS, ...

MTN Tariff Plans

MTN Data Plans and Subscription Codes – Complete List with Text and USSD

Compilation of the latest MTN data plans for PC, Android, iOS, iPhone ...


Glo Data Plans and Subscription Codes – Full List for Monthly, Weekly, Daily & Campus Data Plans

Compilation of the latest Glo data plans for PC, Android, iOS, ...


Leave a Reply