Phishing Attack With PowerPoint Attachment Bypasses User Access Control

Stu Sjouwerman | Sep 4, 2017

Fortinet researchers discovered a malicious PowerPoint file which is currently being used to attack diplomats, United Nations and government organizations worldwide. This will soon filter down to mass phishing attacks.


The CVE-2017-0199 vulnerability in Office is something you want to patch NOW.

The attack uses an existing Microsoft Office vulnerability in combination with a technique to bypass User Account Control (UAC) to infect systems.

CVE-2017-0199 was patched in April this year, but it remains a favorite of cybercriminals because, despite the availability of the patch, many organizations still have not patched Office, for a variety of reasons.

The moment a user falls for the social engineering and opens the file, the flaw in the Windows Object Linking and Embedding (OLE) interface lets the specially crafted document execute code in the context of Microsoft Office (WordPad is affected by the same flaw). Attackers who successfully exploit it can take control of the affected system. This sample then uses the Event Viewer (eventvwr.exe) UAC bypass for privilege escalation: Event Viewer auto-elevates without a prompt, and on launch it consults a per-user registry key (HKCU\Software\Classes\mscfile\shell\open\command) that any unprivileged process can write, so whatever command the malware plants there runs at high integrity and the user never sees a UAC dialog.
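The two techniques chained above leave distinctive traces on an endpoint, and a SOC can hunt for them. The block below is an added example written for this article, not code from Fortinet or from the malware analysis; it runs three detection rules over constructed, Sysmon-shaped events (the event dictionaries, the rule names and the file paths are all invented for illustration). Rule one flags a registry value being set on the per-user mscfile handler (Sysmon EventID 13; HKCU\Software\Classes shows up in Sysmon as HKU\<SID>_Classes). Rule two flags eventvwr.exe spawning anything other than mmc.exe, which is the only child it should ever have. Rule three is the generic CVE-2017-0199 signature, an Office application (or WordPad) launching a script host such as mshta.exe, rather than a signature of this specific sample.

```python
"""Hunt for the Event Viewer UAC bypass and CVE-2017-0199 execution chain.

The events below are constructed, Sysmon-shaped dictionaries built for this
example; they are not real telemetry from the PowerPoint campaign.
"""
import re
from typing import Any, Callable, Dict, Iterable, List, Tuple

Event = Dict[str, Any]

# HKCU\Software\Classes\... is rendered by Sysmon as HKU\<SID>_Classes\...;
# the pattern accepts both spellings so it also matches HKCR-style paths.
MSCFILE_HIJACK = re.compile(
    r"(?:\\Classes\\|_Classes\\)mscfile\\shell\\open\\command", re.IGNORECASE
)
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "wordpad.exe"}
SCRIPT_HOSTS = {"mshta.exe", "powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path ('C:\\X\\mmc.exe' -> 'mmc.exe')."""
    return path.rsplit("\\", 1)[-1].lower()


def is_mscfile_hijack(ev: Event) -> bool:
    """EventID 13 (registry value set) on the per-user mscfile open command."""
    return ev.get("EventID") == 13 and bool(
        MSCFILE_HIJACK.search(str(ev.get("TargetObject", "")))
    )


def is_eventvwr_unexpected_child(ev: Event) -> bool:
    """EventID 1 (process create): eventvwr.exe only ever launches mmc.exe."""
    return (
        ev.get("EventID") == 1
        and basename(str(ev.get("ParentImage", ""))) == "eventvwr.exe"
        and basename(str(ev.get("Image", ""))) != "mmc.exe"
    )


def is_office_spawning_script_host(ev: Event) -> bool:
    """EventID 1: an Office app handing off to a script host (HTA path of CVE-2017-0199)."""
    return (
        ev.get("EventID") == 1
        and basename(str(ev.get("ParentImage", ""))) in OFFICE_APPS
        and basename(str(ev.get("Image", ""))) in SCRIPT_HOSTS
    )


RULES: List[Tuple[str, Callable[[Event], bool]]] = [
    ("mscfile_handler_hijack", is_mscfile_hijack),
    ("eventvwr_unexpected_child", is_eventvwr_unexpected_child),
    ("office_spawns_script_host", is_office_spawning_script_host),
]


def scan(events: Iterable[Event]) -> List[Tuple[str, str]]:
    """Return (rule name, image) for every event that trips a rule, in input order."""
    hits: List[Tuple[str, str]] = []
    for ev in events:
        for name, rule in RULES:
            if rule(ev):
                hits.append((name, str(ev.get("Image", ""))))
    return hits


# Constructed sample telemetry: one benign Event Viewer launch, one benign
# shell, and the three steps of the chain (hypothetical paths and SID).
SAMPLE_EVENTS: List[Event] = [
    {"EventID": 1, "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office15\POWERPNT.EXE",
     "IntegrityLevel": "Medium"},
    {"EventID": 13, "Image": r"C:\Windows\System32\mshta.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001_Classes\mscfile\shell\open\command\(Default)",
     "Details": r"C:\Users\victim\AppData\Local\Temp\payload.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\mmc.exe",
     "ParentImage": r"C:\Windows\System32\eventvwr.exe", "IntegrityLevel": "High"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\payload.exe",
     "ParentImage": r"C:\Windows\System32\eventvwr.exe", "IntegrityLevel": "High"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "IntegrityLevel": "Medium"},
]

if __name__ == "__main__":
    for rule_name, image in scan(SAMPLE_EVENTS):
        print(f"{rule_name:28s} {image}")
```

The benign mmc.exe launch and the ordinary cmd.exe under explorer.exe produce no hits; the registry write, the payload under eventvwr.exe and the mshta.exe under PowerPoint each produce one. On a real estate these rules map directly onto a SIEM query over Sysmon EventID 1 and 13, and the mscfile rule is worth alerting on in isolation because no legitimate software sets that per-user key.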

Conclusion

Fortinet said: "Our analysis revealed that multiple techniques were implemented in this code in order to evade detection and remain effective. Such techniques leverage CVE-2017-0199, UAC bypass and escalation of privilege, multiple embedded encoded scripts, multiple stages of URL connection, and embedding the C&C in a jpg file. This shows how persistent criminals can be when crafting their malicious files." They have an in-depth technical analysis available.

What To Do About It

  1. Apply the Microsoft patches released in April that cover CVE-2017-0199
  2. Update your endpoint, gateway, and web filter devices
  3. Block outgoing malicious traffic through your firewalls
  4. Train your users to spot social engineering red flags.

The vast majority of these attacks start with social engineering and spear phishing attacks. KnowBe4's integrated training and phishing platform allows you to send fully simulated phishing emails so you can see which users answer the emails and/or click on links in them or open infected attachments. 

See it for yourself and get a live, one-on-one demo.

Request A Demo

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/kmsat-request-a-demo


Grateful acknowledgement to Business Insider 

