Microsoft Spots New Vulnerability in Microsoft Office – Your PC may be at Risk

Heads up! In what feels like a throwback to the late 90s/early 2000’s, Microsoft has discovered one helluva bug in Microsoft Office. Executed properly, the bug could be exploited to take over your entire system running just about any version of Windows.

You can find Microsoft’s full disclosure on the bug here, but here’s the bulk of what you should know:

• This bug is being exploited in the wild, though Microsoft only knows of “limited, targeted attacks” so far
• It affects Windows Vista, Windows Server 2008, Windows 7, Windows 8, Windows Server 2012, and Windows RT. XP isn’t mentioned as Microsoft no longer supports it — but yeah, it’s probably affected too.
• If executed properly, the exploit gives the attacker the same permissions on your system as whatever type of user you’re currently logged in as. If you’re an admin, that means full admin rights — code execution, app installs, etc.
• If you have Window’s User Account Control feature enabled, it’ll throw up a prompt asking if the file is okay to execute. If you aren’t 100% sure that the file is legit, avoid doing so.
• The bug is part of PowerPoint’s OLE system, which lets you embed things like spreadsheets into a presentation. It’s supposed to be fairly well sandboxed; alas, it looks like someone found a gap.
• Microsoft says that hacked presentations e-mailed to users and hacked presentations sitting on the web are potentially dangerous. The short version: avoid all but the most-trusted PowerPoint presentations right now.

So just how gnarly is this bug? Says Microsoft (emphasis ours):