Is there a Trend Micro OfficeScan AV signature for the following exploits?
So far, Trend Support said they're still checking.
What's the likelihood of being attacked/hacked if we don't have PowerPoint but only Web Software Components (i.e. MS Access, MS Excel)?
Hackers exploit Windows zero-day flaw in targeted PowerPoint attacks
Hackers are exploiting a zero-day vulnerability in Windows using malicious PowerPoint documents, Microsoft and security firms warn.
An advisory from Microsoft warns that the as-yet-unpatched flaw is present in all supported versions of Windows except Windows Server 2003 and has already been abused in "limited, targeted attacks".
The bug (CVE-2014-6352) can be triggered by sending specially crafted Microsoft Office files to intended targets and tricking them into opening the booby-trapped files.
The specially crafted malicious files would contain a malicious Object Linking and Embedding (OLE) object. OLE is a technology used to share data between applications; among other functions, it allows a chart from an Excel spreadsheet to be embedded within a PowerPoint presentation. Tricking a user into opening a malicious file results in an infected machine but won't cough up admin privileges to the hacker – at least not by itself. Attacks are likely to generate pop-up warnings, and under default settings a User Account Control prompt would be displayed.
An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
In a web-based attack scenario, an attacker could host a website that contains a webpage that contains a specially crafted Office file that is used to attempt to exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.
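The advisory above identifies the attack ingredient as an OLE object embedded in an Office file, and the flaw is described for Office files generally, not only PowerPoint. The script below is an added example (not part of the original advisory, and not a Trend Micro or Microsoft tool) showing how a SOC analyst could triage inbound OOXML documents (.pptx, .docx, .xlsx): it lists the embedded object parts in the zip container and flags those that start with an OLE Compound File header. The embedding folder names are the standard OOXML locations; the `risk_verdict` labels and the two constructed sample files are assumptions of this example, and the script only inspects bytes, it never opens or activates the embedded object.

```python
"""Triage scanner for embedded OLE objects in OOXML Office files.

Added example, not code from the advisory or from any vendor. Lists the
embedded object parts in a .pptx/.docx/.xlsx container so that documents
carrying the OLE ingredient described in the advisory can be routed for
review. Detection only: the embedded object is never parsed or executed.
"""
import io
import zipfile
from dataclasses import dataclass

# Magic number of an OLE Compound File Binary (CFB) container, the on-disk
# format of classic OLE objects.
CFB_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"

# Folders in which the OOXML formats store embedded OLE objects.
EMBEDDING_DIRS = ("ppt/embeddings/", "word/embeddings/", "xl/embeddings/")


@dataclass
class OleEmbedding:
    part_name: str
    size: int      # uncompressed size of the part in bytes
    is_cfb: bool   # True when the part starts with the CFB magic


def find_ole_embeddings(data: bytes) -> list[OleEmbedding]:
    """Return one record per embedded object part found in an OOXML zip.

    Raises zipfile.BadZipFile if the bytes are not a zip container; callers
    should treat that as 'not an OOXML document', never as 'clean'.
    """
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.filename.endswith("/") or not info.filename.startswith(EMBEDDING_DIRS):
                continue
            # Only the first 8 bytes are needed to recognise a CFB container.
            head = zf.open(info).read(len(CFB_MAGIC))
            found.append(OleEmbedding(info.filename, info.file_size, head == CFB_MAGIC))
    return found


def risk_verdict(data: bytes) -> str:
    """Coarse verdict for a triage queue: 'clean', 'review' or 'not-ooxml'.

    Label names are an assumption of this example; adapt them to your SOC.
    """
    try:
        embeds = find_ole_embeddings(data)
    except zipfile.BadZipFile:
        return "not-ooxml"
    return "review" if embeds else "clean"


def _build_sample(with_ole: bool) -> bytes:
    """Constructed sample: a minimal pptx-like zip, optionally with one OLE part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/slides/slide1.xml", "<p:sld/>")
        if with_ole:
            # Fake OLE part: a CFB header followed by zero padding, no real object.
            zf.writestr("ppt/embeddings/oleObject1.bin", CFB_MAGIC + b"\x00" * 504)
    return buf.getvalue()


if __name__ == "__main__":
    samples = (("clean.pptx", _build_sample(False)), ("embedded.pptx", _build_sample(True)))
    for label, sample in samples:
        print(label, risk_verdict(sample), find_ole_embeddings(sample))
```

A document with no embedded parts is labelled `clean` only with respect to this one ingredient; the verdict is meant to prioritise a review queue, not to replace the AV signature or the vendor patch. The same check covers Excel and Word containers, which is why a fleet without PowerPoint still benefits from it.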
· Remote Code Execution
· Privilege Escalation
· Data Exfiltration
· Lateral spread of malware
Below are some suggested best practices and solutions to prevent remote code execution within your organization.
· Ensure all operating systems and public-facing machines are running the latest versions with current security patches, and that antivirus software and definitions are up to date.
· Be aware of spear-phishing emails that may trick you into opening a malicious document or clicking a link to a malicious landing page.
· Ensure systems have a running firewall, unnecessary ports are closed/blocked, and unused services are disabled.
· Ensure that users are granted only the privileges their role requires; a compromised account with limited rights has less impact than one with administrative rights.
· To reduce the impact of latent vulnerabilities, always run non-administrative software as an unprivileged user with minimal access rights.
· Educate your users to practise safe computing.
· Ensure that relevant personnel are versed in follow up actions of IT security incidents and recovery procedures.
· Do continue to be vigilant and work closely with your ITSO/ITSM for any escalated security events from the EDMS SOC. Please ensure your contact list for EDMS SOC escalation is up-to-date. In the event of any security incident, please inform EDMS SOC or your ITSO/ITSM immediately.
Microsoft has released workarounds and a "Fix It" solution: https://technet.microsoft.com/library/security/3010060#ID0EPG