零日漏洞困扰: 微软警告其客户关于未补丁的零日威胁

2014/10/24

Opportunities for crime hackers and cyber criminals never seems to end.

Microsoft this week to threaten Windows PowerPoint users of unpatched zero-day vulnerabilities issued a warning. This question is followed by three critical zero-day vulnerability in last week called ‘Patch Tuesday’ bulletin published.

In this week’s announcement, Microsoft warned that if a user opens a specially crafted Microsoft Office PowerPoint file containing OLE objects, the vulnerability could allow remote code execution. OLE (Object Linking and Embedding) allows users to insert data from another file in a document, such as: insert the brush in the PowerPoint file update which makes embedded object in your program, the also update PowerPoint files.

An attacker could gain the same user rights as the current user if the current user has administrative privileges, the attacker could take complete control of the user’s computer.

The vulnerability affects all supported versions of Microsoft Windows, except for Windows Server 2003. Microsoft did not release patches at this time, but is expected soon will have.

Microsoft warned that attackers could spread infected files from the site, presumably through phishing scams to trick users into visiting a malicious Web site. This is usually done by sending e-mail, to attract readers click fraud link.

Last week, Microsoft released a security bulletin, including three critical zero-day vulnerability in Windows, including the emergence of ‘worm’ vulnerability. The vulnerability is engaged in a war of intelligence and network security firm iSight recognition. iSight reported that the vulnerability affects all versions of Microsoft Windows and is recognized in against Western interests include Nato, the EU and the critical infrastructure of various Russian attack.

The second zero-day vulnerability allows an attacker to bypass the Internet Explorer sandbox feature in Internet Exploer in.

According to last week’s announcement, the third zero-day vulnerability would allow an attacker to type some malicious code to TrueType fonts. An attacker could exploit fonts downloaded from the Internet and automatically execute malicious code on unsuspecting visitor’s computer.

Comodo Internet Security suite and antiviru software is specifically designed to protect users were zero-day threats and design. Its unique architecture and sandbox Default Deny ensures malware can bring the worst problem, the malicious program will run in a safe and isolated sandbox security,

Write a comment

Name
Comment