iSIGHT and Microsoft have disclosed a dangerous vulnerability that affects all Windows versions from Windows Vista SP2 to Windows 8.1, as well as Windows Server 2008 and 2012. The flaw, an exposed dangerous method, is in the operating system's OLE package manager.
When exploited, the vulnerability allows an attacker to remotely execute arbitrary code and thus take over the computer. It exists because Windows allows the OLE packager (packager.dll) to download and execute INF files.
OLE is a technology from Microsoft that allows applications to share objects such as images or video. The main benefit of OLE is to add different kinds of data to a document from different applications, like a text editor and an image editor. This creates a compound document and a master file to which the document makes reference. Changes to data in the master file immediately affect the document that references it. This is called “linking” (instead of “embedding”).
In the observed exploit, which involves Microsoft PowerPoint files, the packager allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources. An INF file, or Setup Information file, is a plain text file used by Microsoft Windows for the installation of software and drivers.
This causes the referenced files to be downloaded and, in the case of INF files, to be executed with specific commands. An attacker can exploit this vulnerability to execute arbitrary code, but needs a specially crafted file and has to use social engineering to convince a user to open it.
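For triage of incoming presentations, the following added example (not from the original article or from Microsoft) flags OLE objects in a PowerPoint file that point at remote locations, as described above. It assumes the file is in the zip-based OOXML format (.pptx/.ppsx) with embedded objects stored under `ppt/embeddings/`; the function names and the sample archive are constructed for illustration, and the byte search is a heuristic rather than a full OLE parser.

```python
import io
import re
import xml.etree.ElementTree as ET
import zipfile

REL = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
# UNC path or http(s) URL that ends in .inf, the file type the article names.
REMOTE_INF = re.compile(rb"(?:\\\\[\w.-]+\\|https?://)[\x21-\x7e]*?\.inf\b", re.I)

def scan_presentation(data: bytes) -> list[str]:
    """Return findings for an OOXML PowerPoint file passed as raw bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            blob = z.read(name)
            if name.endswith(".rels"):
                # A linked OLE object shows up as an external relationship.
                for rel in ET.fromstring(blob).iter(REL):
                    if (rel.get("TargetMode") == "External"
                            and rel.get("Type", "").endswith("/oleObject")):
                        findings.append(f"{name}: external OLE link {rel.get('Target')}")
            elif name.startswith("ppt/embeddings/"):
                # Object data may store the path as ASCII or UTF-16LE;
                # dropping NUL bytes is a crude way to cover both.
                for view in (blob, blob.replace(b"\x00", b"")):
                    hits = sorted({m.group().decode() for m in REMOTE_INF.finditer(view)})
                    if hits:
                        findings += [f"{name}: remote INF reference {h}" for h in hits]
                        break
    return findings

def build_sample() -> bytes:
    """Constructed archive for the demo: not a real sample, addresses are reserved."""
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" TargetMode="External" Target="https://files.example/o.bin" '
            'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"/>'
            '</Relationships>')
    obj = b"\x02\x00Package\x00" + r"\\198.51.100.7\share\setup.inf".encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/embeddings/oleObject1.bin", obj)
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for line in scan_presentation(build_sample()):
        print(line)
```

A hit is a reason to quarantine the file for closer inspection, not proof of exploitation; legacy binary .ppt files are not covered by this check.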
The vulnerability was disclosed today, on Patch Tuesday, and the patches Microsoft is releasing today include one for this security issue, so updating is highly recommended. If you are unable to update soon, be careful when opening Microsoft PowerPoint files.