Hackers are exploiting a security flaw in Microsoft Office by using PowerPoint to attack Windows users and gain control of computer systems Microsoft, in a security advisory on its website, says there have been “limited, targeted attacks” against users through Microsoft PowerPoint. An attacker who successfully exploits the security flaw could gain complete control of the system. With that sort of control, hackers could execute code remotely, alter or delete data and install harmful programs, like malware.
Microsoft on Tuesday warned Windows users that cyber criminals are exploiting a zero-day vulnerability using malicious PowerPoint documents sent as email attachments. In an advisory, Microsoft outlined the bug and provided a one-click tool from its “Fixit” line that customers can use to protect their PCs until a patch is available. Although Microsoft does not label its advisories with the same four-step threat scoring system it uses for security updates, it said that a successful exploit would let hackers hijack the PC so that they could, for example, steal information or plant other malware on the machine. The vulnerability affects all versions of Windows, from the aging Windows Vista to the very newest Windows 8.1, and is within the operating system’s code that handles OLE (object linking and embedding) objects. OLE is most commonly used by Microsoft Office for embedding data from an Excel spreadsheet in, say, a Word document.