Security problem with PPT files

Thursday, 30 October 2014 | 1 Comment

PowerPoint files, seemingly so harmless, can be extremely dangerous. Microsoft's advice is not to open PPT files that come from unknown sources or that arrive unexpectedly from known sources. Very useful advice, and impossible to apply in real life.

Microsoft is worried about a PowerPoint bug that could let hackers take complete control of computers running Windows. Luckily, there is a way to prevent it: Don’t open unfamiliar PowerPoint presentations. Yes, that might seem like common-sense advice for anyone who doesn’t want to be bored to death, but this bug does seem especially nasty. In a blog post last week, Microsoft said that it was “aware of limited, targeted attacks” using the bug, which is hidden in PowerPoint files and gives hackers full control (depending on permissions) of systems running Windows Vista, Windows 7, Windows 8 and Windows RT. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft warned. The company has issued a temporary fix while it works on a security update.

Microsoft also has a solution to the problem, a temporary one, but detailed here:

https://technet.microsoft.com/library/security/3010060

Do not open Microsoft PowerPoint files, or other files, from untrusted sources

Do not open Microsoft PowerPoint files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted file.

Enable User Account Control (UAC)

Note: User Account Control is enabled by default.

1. Do one of the following to open Control Panel:
   a. Click Start, and then click Control Panel.
   b. Press the Windows logo key + s, type Control Panel, then open the Control Panel app.
2. In Control Panel, click User Accounts (or User Accounts and Family Safety).
3. In the User Accounts window, click User Accounts.
4. In the User Accounts tasks window, click Turn User Account Control on or off (or Change User Account Control settings).
5. If UAC is currently configured in Admin Approval Mode, a UAC message appears; click Continue.
6. Click the check box “Use User Account Control (UAC) to help protect your computer”, and then click OK.
7. Do one of the following:
   Click Restart Now to apply the change right away.
   Click Restart Later.
8. Close the User Accounts tasks window.

Deploy the Enhanced Mitigation Experience Toolkit 5.0 and configure Attack Surface Reduction

The Attack Surface Reduction feature in EMET 5.0 can help block current attacks. You need to add configuration to the standard one in order to be protected.

1. Create a new file with the content below:
<EMET Version="5.0.5324.31801">
  <Settings />
  <EMET_Apps>
    <AppConfig Path="*" Executable="dllhost.exe">
      <Mitigation Name="DEP" Enabled="false" />
      <Mitigation Name="SEHOP" Enabled="false" />
      <Mitigation Name="NullPage" Enabled="false" />
      <Mitigation Name="HeapSpray" Enabled="false" />
      <Mitigation Name="EAF" Enabled="false" />
      <Mitigation Name="EAF+" Enabled="false" />
      <Mitigation Name="MandatoryASLR" Enabled="false" />
      <Mitigation Name="BottomUpASLR" Enabled="false" />
      <Mitigation Name="LoadLib" Enabled="false" />
      <Mitigation Name="MemProt" Enabled="false" />
      <Mitigation Name="Caller" Enabled="false" />
      <Mitigation Name="SimExecFlow" Enabled="false" />
      <Mitigation Name="StackPivot" Enabled="false" />
      <Mitigation Name="ASR" Enabled="true">
        <asr_modules>packager.dll</asr_modules>
      </Mitigation>
    </AppConfig>
    <AppConfig Path="*\OFFICE1*" Executable="POWERPNT.EXE">
      <Mitigation Name="DEP" Enabled="true" />
      <Mitigation Name="SEHOP" Enabled="true" />
      <Mitigation Name="NullPage" Enabled="true" />
      <Mitigation Name="HeapSpray" Enabled="true" />
      <Mitigation Name="EAF" Enabled="true" />
      <Mitigation Name="EAF+" Enabled="false" />
      <Mitigation Name="MandatoryASLR" Enabled="true" />
      <Mitigation Name="BottomUpASLR" Enabled="true" />
      <Mitigation Name="LoadLib" Enabled="true" />
      <Mitigation Name="MemProt" Enabled="true" />
      <Mitigation Name="Caller" Enabled="true" />
      <Mitigation Name="SimExecFlow" Enabled="true" />
      <Mitigation Name="StackPivot" Enabled="true" />
      <Mitigation Name="ASR" Enabled="true">
        <asr_modules>flash*.ocx;packager.dll</asr_modules>
      </Mitigation>
    </AppConfig>
  </EMET_Apps>
</EMET>

2. Save this file as EMET_CVE-2014-6352.xml.
3. From the EMET user interface, click Import from the File ribbon.
4. Select the EMET_CVE-2014-6352.xml file and click Open.
5. Alternatively, run this command from a Command Prompt with elevated privileges to import the saved script “EMET_CVE-2014-6352.xml” into EMET:
EMET_Conf.exe --import EMET_CVE-2014-6352.xml
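
An added example (not part of Microsoft's advisory or of the original post): a Python check that an EMET configuration file really has ASR blocking packager.dll for both dllhost.exe and POWERPNT.EXE, which is what the file above is meant to achieve. The sample XML is constructed, and treating `*` in asr_modules as a shell-style wildcard is an assumption.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed file in the advisory's format, with the
# POWERPNT.EXE entry deliberately missing packager.dll to show a failed check.
SAMPLE = """<EMET Version="5.0.5324.31801">
  <Settings />
  <EMET_Apps>
    <AppConfig Path="*" Executable="dllhost.exe">
      <Mitigation Name="DEP" Enabled="false" />
      <Mitigation Name="ASR" Enabled="true">
        <asr_modules>packager.dll</asr_modules>
      </Mitigation>
    </AppConfig>
    <AppConfig Path="*\\OFFICE1*" Executable="POWERPNT.EXE">
      <Mitigation Name="DEP" Enabled="true" />
      <Mitigation Name="ASR" Enabled="true">
        <asr_modules>flash*.ocx</asr_modules>
      </Mitigation>
    </AppConfig>
  </EMET_Apps>
</EMET>"""

# Executable (lower-cased) -> module that the workaround expects ASR to block.
REQUIRED = {"dllhost.exe": "packager.dll", "powerpnt.exe": "packager.dll"}

def asr_modules(app):
    """Return the module patterns listed under an *enabled* ASR mitigation."""
    for mit in app.findall("Mitigation"):
        if mit.get("Name") == "ASR" and mit.get("Enabled", "").lower() == "true":
            text = mit.findtext("asr_modules", default="")
            return [m.strip().lower() for m in text.split(";") if m.strip()]
    return []

def audit(xml_text, required=REQUIRED):
    """Map each required executable to True if ASR blocks its module."""
    root = ET.fromstring(xml_text)
    result = {exe: False for exe in required}
    for app in root.iter("AppConfig"):
        exe = app.get("Executable", "").lower()
        if exe in required:
            # Assumption: '*' in asr_modules behaves like a shell wildcard.
            if any(fnmatch.fnmatchcase(required[exe], p) for p in asr_modules(app)):
                result[exe] = True
    return result

if __name__ == "__main__":
    for exe, ok in audit(SAMPLE).items():
        print(f"{exe}: {'ASR blocks packager.dll' if ok else 'NOT protected'}")
```
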

Come on, it's simple; any ordinary user knows how to do this. After all, what could go so wrong? The infected file can only “create new accounts with full user rights”. 🙂

One comment on “Security problem with PPT files”

  1. Gicu de la cazane commented:

    At the sentence ‘ Luckily, there is a way to prevent it: Don’t open unfamiliar PowerPoint presentations ’ I rolled around laughing for half an hour 🙂 I've said it before and I'll say it again: ever since Bill Gates threw himself into projects like decomposing poop in African eco-toilets without using water, instead of dealing with software, things have gone well and truly off the rails 🙂