You are here: Home Blog Bill Barnett Alert: Critical Microsoft Office Flaw Patched

ClearView IT Blog

ClearView IT has been serving the Phoenix area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Subscribe to this blog post
Print

Alert: Critical Microsoft Office Flaw Patched

Security
0 Comments

b2ap3_thumbnail_Microsoft-Office-icon_400.jpg‘Tis the season for technology vulnerabilities and exploits. In addition to Sandworm and Cryptowall 2.0, another flaw has been found in Microsoft Office. This particular threat allows a hacker to gain control of a computer system, making it a dangerous and potentially threatening gamble for your business to ignore it. Thankfully, the issue has been patched, and the fix is now available to the public.

Microsoft issued a security advisory on October 21st stating that the vulnerability, which allows remote code execution, is found in all supported versions of Microsoft Windows, excluding Windows Server 2003. The threat is triggered by opening an infected Microsoft Office file which contains an OLE (Object Linking and Embedding) object. If the hacker is successful, they can potentially gain the same user rights as other users on the PC, making it a very dangerous vulnerability indeed. If hackers are able to access the system, they can delete data, install malware, or other malicious activity.

The patch for this vulnerability was issued earlier this November, so if you still haven’t patched your systems from this threat, it’s important that you do so as soon as possible.

Thankfully, the vulnerability requires security permission from whoever has the administrative privileges on your business’s PCs. This means that if you were to download an Office file from the web, a window will appear asking if you are sure you want to download it. An example of Object Linking and Embedding (OLE) is embedding an Excel spreadsheet in a Word document.

combining files

Officially, Microsoft says that any Office file utilizing an OLE object is vulnerable to being infected with this threat. Here are some tips you can use to protect yourself until you apply the security update.

  • Enable the Windows Consent Prompt: In the observed attacks, the User Control Account interface displays a window with a consent prompt. This appears depending on the privileges of the current user, before the file can be downloaded. Make sure that this feature is enabled, as it can prevent you from downloading infected files before it’s too late.
  • Enable fewer user rights on your systems: The hacker who infiltrates your system will gain the same usage rights as the currently logged-in user. This means that the more user rights they have, the more damage they can do. Either way, the average employee shouldn’t have administrative user rights, as it could lead to them performing unapproved tasks, like downloading unnecessary software and such.
  • Avoid email phishing attacks: In theory, a hacker could convince an unaware user to visit an infected web page which could contain a vulnerable office file. They will typically do this by using links in malicious emails. Keep an eye out for suspicious activity, and never click on a link unless you know where it goes.
  • Avoid downloading files from the Internet in general: Files from the web can contain any number of worms, viruses, malware, adware or other malicious entities you want nowhere near your network.

As always, it’s important that you apply the latest security updates as they are released. ClearView IT can take care of this for you remotely and efficiently, so you don’t have to take the time to do so yourself.

In the face of tough threats such as this one, it’s best to equip your business with a comprehensive security solution, like ClearView IT’s Unified Threat Management device (UTM). With a UTM, you can rest easy knowing that your network is protected by powerful firewalls, antivirus, web content filtering and spam protection solutions designed to keep the threats out. For more information about how to integrate a UTM device into your business’s security plans, give ClearView IT a call at 866-326-7214.

Tweet
Tags:
Microsoft Office Security Alert
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 05 May 2025
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Search the Blog

Blog Categories

Tag Cloud

Tip of the Week Security Technology Best Practices Business Computing Hackers Productivity Software Network Security Privacy Data Cloud Business User Tips IT Support Internet Hardware Innovation Email Hosted Solutions Malware Efficiency Workplace Tips Computer Google Microsoft Collaboration Android Business Management Phishing Cybersecurity IT Services Backup Data Backup Ransomware communications Smartphone Microsoft Office Upgrade Smartphones Small Business Network Mobile Devices Data Recovery Managed IT Services Communication Productivity Quick Tips Users Social Media VoIP Mobile Device Automation Tech Term Facebook Business Continuity Windows 10 Covid-19 Disaster Recovery Passwords Holiday IT Support Managed Service Windows 10 Browser Apps Cloud Computing Outsourced IT Miscellaneous Data Management Remote Work Internet of Things Managed Service Provider Saving Money Operating System Government Artificial Intelligence Workplace Strategy Managed IT services Gadgets Networking Windows App Virtualization Server Spam Information Remote WiFi Bandwidth Encryption Business Technology Mobile Device Management Blockchain Office History Apple Two-factor Authentication Information Technology Office 365 Employee/Employer Relationship Budget Gmail Conferencing Health Access Control Data Security Analytics BDR Cybercrime Wi-Fi Big Data Help Desk Hacking Cost Management Employer-Employee Relationship Document Management Patch Management Remote Computing Hacker Vendor Save Money Remote Monitoring Compliance Voice over Internet Protocol IT Management Training Data loss Best Practice Retail Alert Legal Hiring/Firing Outlook Data storage Money Applications Password Customer Service Unified Threat Management Project Management Firewall Vulnerabilities Augmented Reality Word BYOD Mobile Office IBM Website Computing Managed Services Search... Vendor Management Hard Drive How To Storage The Internet of Things YouTube Twitter VPN Update Law Enforcement Laptop End of Support Printer User Data Breach Paperless Office Antivirus Social Maintenance Sports Travel SaaS DDoS Virtual Reality Chrome Social Engineering Windows 11 Cryptocurrency Black Market Monitoring iPhone Cleaning Healthcare Education Cortana Websites Remote Workers Mobile Computing Robot Content Filtering Mobility Meetings Marketing Windows 7 Free Resource Google Maps Router Running Cable Scam Chromebook Drones Excel Solutions Automobile Tech Terms Images 101 Integration How To Display Wireless Technology Microchip Managed IT eWaste Digital Flexibility Virtual Assistant HIPAA Employees Downtime Taxes Avoiding Downtime Safety Identity Theft Hack Holidays Notifications Unified Communications Processor Virtual Desktop Experience Cooperation Google Docs Video Conferencing Physical Security Bluetooth Distributed Denial of Service Virtual Machines Office Tips Memory Computer Repair Private Cloud Multi-factor Authentication PowerPoint Start Menu Disaster Professional Services Downloads Administration Computer Care Vulnerability Saving Time Presentation Politics Settings Lithium-ion battery Specifications Machine Learning Managed Services Provider IT Consultant Software as a Service Data Protection Computers Bitcoin Virtual Private Network Solid State Drive Customer Relationship Management Processors Telephone Co-Managed IT Entertainment Current Events Social Network FinTech Visible Light Communication Knowledge Data Analysis CES Corporate Profile Screen Reader IT Assessment Reading Point of Sale Monitors Windows 8 Television Security Cameras Telephony Trends Supply Chain Management Employer Employee Relationship Mobile Technology Value Cabling Devices Cyber security Shortcuts Customer Resource management Organization Advertising Fileless Malware Tablet Smart Devices Relocation G Suite Tip of the week Public Speaking Displays Work/Life Balance Tech Support Mouse VoIP Gamification Remote Working Streaming Media Tracking Company Culture Regulations Trend Micro Be Proactive Keyboard Telephone System AI Directions Digital Security Cameras Troubleshooting Backup and Disaster Recovery Electronic Health Records Web Server Transportation Hard Drives intranet SharePoint Content In Internet of Things Digital Payment Desktop Wasting Time Worker Accountants eCommerce Wireless Hacks Modem Workplace Strategies Shortcut Network Congestion Electronic Medical Records Environment Videos Access Database Surveillance Reliable Computing Heating/Cooling Writing Social Networking Time Management Windows XP Public Cloud Managing Costs Health IT Equifax SSID Audit Media Business Owner Spyware Tactics Development Scalability Hard Drive Disposal Employer/Employee Relationships File Sharing Virtual Machine Text Messaging Proactive IT Username Administrator Redundancy Reviews Startup Optimization Bring Your Own Device Freedom of Information Smart Technology Navigation 2FA Cache Addiction email scam Teamwork Workers Mobile Security Hypervisor Music Unified Threat Management Data Storage User Tip Shopping Legislation Staffing News Medical IT IP Address Printing Evernote Paperless Inbound Marketing Network Management CCTV SQL Server Botnet Licensing Touchscreen PCI DSS Emergency Proxy Server Gig Economy Emails Humor Rental Service Computer Malfunction Fake News Supply Chain Micrsooft Flash Business Communications Vendor Mangement Service Level Agreement Internet Service Provider Computing Infrastructure Azure Samsung Device security Managed IT Service Telephone Systems Business Growth Electronic Payment Management Regulations Compliance Uninterrupted Power Supply Wireless Headphones Memes Recovery Webcam Microsoft Excel Workplace Competition Tech Human Resources Business Mangement Going Green Net Neutrality Business Cards LiFi Phone System Tablets Banking Entrepreneur Google Wallet Error Financial Data Bookmark Risk Management IT Documents Messenger Scams Application Deep Learning Business Intelligence Google Calendar Term Google Apps Download Supercomputer Piracy HTML Business Metrics Hosted Solution Virus Telework Browsers Smartwatch Nanotechnology Communitications Securty Books Motion Sickness Microsoft 365 Cables Domains Language Society Comparison Google Play Google Drive Upload Procurement Computer Accessories Software License

Blog Archive

Recent Comments

No comments yet.

Interested In A Free Consultation?

Click Here