Microsoft released Security Advisory 3010060 which relates to a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003.
The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. Microsoft is aware of limited, targeted attacks.
RecommendationsMicrosoft has made available a Fix it solution "OLE packager shim workaround" which prevents execution of the vulnerability. Below are direct links to both enable and disable the Fix it solution.
Note: The Fix it solution is not at this time for 64-bit editions of PowerPoint on x64-based editions of Windows 8 and Windows 8.1.
|Enable Fix it||Disable Fix it|
Another option is to install the Enhanced Mitigation Experience Toolkit (EMET), described in the "workarounds" section of the Tech Net Advisory.
- CVE Reference: CVE-2014-6352
- Microsoft KB Article 3010060: Microsoft security advisory: Vulnerability in Microsoft OLE could allow remote code execution: October 21, 2014
- MSRC: Security Advisory 3010060 released
- Tech Net Advisory: Microsoft Security Advisory 3010060 Vulnerability in Microsoft OLE Could Allow Remote Code Execution
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...