This Office Zero Day Went To NATO

Source: Ars Technica This Office Zero Day Went To NATO

Block all Office applications from creating child processes!

It’s time for yet another Office Zero day vulnerability, this one seen to be actively exploited in a number of places up to and including the NATO summit.  There is another way to specially craft an Office document to trigger remote code execution when it is opened and those attachments are apparently all over the place.   The vulnerability is as of yet unpatched, but there are a few ways to protect yourself and those you know who just love opening mysterious attachments.

If you are running Defender for Office and have blocked child processes you should be safe, those two features together will prevent the code from being able to successfully execute.  If you don’t have that option then it’s off to the Registry with you to add in a number of exe files to a key which prevents them from launching a child process.  This could be rather problematic for some, as you might want PowerPoint to be able to talk to Excel or Graph.  

You can get the list of programs to add, as well as more info, at Bleeping Computer.

"Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents," Redmond said today.

Video News

About The Author

Jeremy Hellstrom

Call it,, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!