Wednesday, January 11, 2017

Microsoft Security Advisory 3010060 with Fixit Solution

Microsoft Security Advisory 3010060 with Fixit Solution


Security Advisory
Microsoft released Security Advisory 3010060 which relates to a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003.

The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. Microsoft is aware of limited, targeted attacks. 

Recommendations

Microsoft has made available a Fix it solution "OLE packager shim workaround" which prevents execution of the vulnerability.  Below are direct links to both enable and disable the Fix it solution.



NoteThe Fix it solution is not at this time for 64-bit editions of PowerPoint on x64-based editions of Windows 8 and Windows 8.1. 
 
Enable Fix itDisable Fix it
Microsoft Fix it
Microsoft Fix it 51026
Microsoft Fix it
Microsoft Fix it 51027 


Another option is to install the Enhanced Mitigation Experience Toolkit (EMET), described in the "workarounds" section of the Tech Net Advisory.

References:

  • CVE Reference:  CVE-2014-6352
  • Microsoft KB Article 3010060: Microsoft security advisory: Vulnerability in Microsoft OLE could allow remote code execution: October 21, 2014
  • MSRC: Security Advisory 3010060 released
  • Tech Net Advisory: Microsoft Security Advisory 3010060 Vulnerability in Microsoft OLE Could Allow Remote Code Execution



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Computer security news & information, help, tips, tutorials, and more.
©2006 - 2016 "Security Garden" By Corrine

Available link for download

Posted by at
Labels: , , , , , ,