Microsoft Releases Temporary Fix It Solution for Newly Uncovered Zero-Day Flaw
A new security advisory and Fix It solution has been released in hopes of patching an actively exploited zero-day flaw in OLE.
October 22, 2014
On Tuesday, October 21, Microsoft issued a brand new security advisory (3010060) that trumpets a new zero-day flaw. A vulnerability in the Microsoft OLE component can allow attackers remote code execution capabilities.
This one is something you want to take notice over, as Microsoft has also confirmed that attacks have already been observed. This is yet another in the line of attacks that could be mitigated by simply eliminating administrative-type rights from the system, but such as it is, this security standard doesn't seem to hit home until there's a successful exploit.
In addition to issuing the security advisory, Microsoft has also taken steps to help secure computers until a proper patch can be released. A new Fix IT solution is now available in Microsoft's support pages.
The Fix IT solution is here: Microsoft security advisory: Vulnerability in Microsoft OLE could allow remote code execution: October 21, 2014
The Fix It solution patches Microsoft PowerPoint versions 2007 through 2013 on 32bit and 64bit Windows (Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows Server 2008.x, and Windows Server 2012.x).
The full security advisory (which includes more information and mitigating factors) is here: Microsoft Security Advisory 3010060
About the Author
You May Also Like