Two new and one updated advisory discussing PoC and exploits

Lennart Wistrand here. This week we’ve seen both proof of concept code posted for a Windows Shell vulnerability. We have also seen limited exploits of a previously publicly disclosed vulnerability in DirectAnimation as well as limited exploits of a PowerPoint vulnerability.

We’ve made the Windows Shell advisory available to advise customers of this public PoC. The advisory calls out mitigating factors and workarounds and does also touch upon our plans around releasing a security update that addresses this. The advisory can be found here.

We’ve also made a small update to the DirectAnimation advisory to call out that we have seen very limited attacks occur. That advisory can be found here.

Finally, we’ve published a PowerPoint advisory as well regarding limited attacks using specially crafted PowerPoint files.

In each case, user interaction is required for a successful exploit to occur and our Safe Browsing guidance applies. Reading e-mail using Outlook or Outlook Express can, in and of itself, not put you at risk but if you click on a link in an e-mail from an untrusted source you could be at risk. Keep your anti-virus software up to date and use caution when browsing. Please refer to the advisories for a more in-depth discussion of this.

We are working overtime to help get all of you more secure and we do continue to encourage security researchers to work with us towards resolutions to vulnerabilities that are discovered.


*This posting is provided “AS IS” with no warranties, and confers no rights.*