Does your office use best practices when it comes to security and maintenance to protect against the latest internet threats, like Sandworm and CryptoWall 2.0? If not, your business might get a nasty holiday gift in the form of the Schannel vulnerability in Microsoft Office. This dangerous threat allows a hacker to take over the entire system. This is a glaring vulnerability that you can’t ignore. Thankfully, a patch is available to the general public, and you need to apply it as soon as possible.


On October 21st, Microsoft issued a security advisory which states that the vulnerability allows for remote code execution. Worse still, this vulnerability can be found in most supported versions of Microsoft Windows, excluding Windows Server 2003. Users can trigger this vulnerability by opening an infected Microsoft Office file which contains an Object Linking and Embedding object, or an OLE. When a hacker is successful in exploiting this vulnerability, it could result in a completely compromised system on your network. These hackers could then proceed to delete data, install malware, or create system wide chaos.

In November, the patch was issued. If you haven’t applied this patch to your business’s systems yet, it’s imperative that you do not wait and apply it NOW.

Luckily, this vulnerability can’t be taken advantage of unless the system administrator grants the file permission to open. This means that if you download a file containing an OLE object from the Internet, the permissions prompt will ask you whether or not you want to download it. For example, a spreadsheet embedded into a Word document would be an OLE object.


In the official security advisory, Microsoft states that any Office file using an OLE object is vulnerable to being infected by this threat. Here are some tips on how to avoid this vulnerability until you apply the security patch.

  • Enable the Windows consent prompt. In the observed attacks, the User Account Control (UAC) interface shows a window requesting permission to download files. Depending on the privileges of the logged-in user, it will appear just before the file begins to download. This feature can give you a second chance to not download the file, making it a powerful tool to stop an infection before it’s too late.
  • Grant fewer user rights to your team. Once the hacker hijacks the entire system from the currently logged-in user, they will have the same permissions as that user when they take over. This means that the more user rights a user has, the more damage hackers can do. The average employee shouldn’t be granted administrative user rights; this is a recipe for system-wide disaster.
  • Avoid email phishing scams. Theoretically a hacker could also convince a user to download an attachment that contains a vulnerable Office file. These files will typically be found in emails disguised as important documents. Keep an eye out for suspicious behavior or activity surrounding the messages, and never click on a link unless you know for sure it won’t redirect you to a malicious web page.
  • Avoid downloading files from the Internet. This might sound impossible, but you shouldn’t download a file from the Internet unless you know for sure it’s legit. Unknown files could have adware, malware, or any number of other nasty things lurking in their code.
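The first two tips above, keeping the UAC consent prompt switched on and keeping everyday users out of the local Administrators group, are settings an administrator can verify on each machine rather than take on faith. The PowerShell script below is an added example written for this post, not a tool from Microsoft or from Quikteks. It reads the UAC policy values under the standard `Policies\System` registry key, lists local Administrators membership, and optionally checks for a patch by KB number. The KB number is a labelled placeholder because the post does not give one; the function name `Get-OleMitigationStatus` is the example's own choice. Run it from an elevated PowerShell 5.1 or later session; it only reads and reports, it changes nothing.

```powershell
# Added example (not from the original post): report whether a workstation has
# the mitigations the tips list recommends. Read-only; run elevated.

function Get-OleMitigationStatus {
    param(
        # Placeholder: replace with the KB number of the Office/Windows patch
        # you are rolling out. The post itself does not name one.
        [string]$PatchKb = 'KB_PLACEHOLDER'
    )

    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $policyKey
    $findings = @()

    # EnableLUA = 1 means UAC is on. With 0, every process already runs with the
    # full token and no consent window will ever appear.
    if ($p.EnableLUA -ne 1) {
        $findings += 'UAC is disabled (EnableLUA is not 1)'
    }

    # ConsentPromptBehaviorAdmin: 0 = elevate silently with no prompt,
    # 1 or 2 = always prompt (2 is the "Always notify" setting),
    # 5 = Windows default, prompt only for non-Windows binaries.
    if ($p.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'Administrators elevate without any consent prompt'
    }

    # ConsentPromptBehaviorUser: 0 = standard users are denied elevation outright,
    # 1 or 3 = prompted for an administrator''s credentials. 0 is the strictest.
    if ($p.ConsentPromptBehaviorUser -notin 0, 1, 3) {
        $findings += "Unexpected ConsentPromptBehaviorUser value $($p.ConsentPromptBehaviorUser)"
    }

    # PromptOnSecureDesktop = 1 keeps the consent dialog on the secure desktop,
    # where other processes cannot draw over it or click through it.
    if ($p.PromptOnSecureDesktop -ne 1) {
        $findings += 'UAC prompt is not shown on the secure desktop'
    }

    # Every member of the local Administrators group hands an attacker full
    # control if that user''s Office session is compromised. Review this list
    # against who actually needs admin rights.
    $admins = Get-LocalGroupMember -Group 'Administrators' |
        Select-Object -ExpandProperty Name

    # Patch check by KB number. Get-HotFix returns nothing when the update is
    # absent, so -ErrorAction SilentlyContinue turns "not found" into $null.
    $patchInstalled = $false
    if ($PatchKb -ne 'KB_PLACEHOLDER') {
        $patchInstalled = [bool](Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue)
        if (-not $patchInstalled) { $findings += "$PatchKb is not installed" }
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        UacEnabled         = ($p.EnableLUA -eq 1)
        AdminPromptSetting = $p.ConsentPromptBehaviorAdmin
        UserPromptSetting  = $p.ConsentPromptBehaviorUser
        SecureDesktop      = ($p.PromptOnSecureDesktop -eq 1)
        LocalAdmins        = $admins
        PatchInstalled     = $patchInstalled
        Findings           = $findings
    }
}

# Usage: print the report for this machine. An empty Findings list means the
# UAC settings match the tips above; LocalAdmins still needs a human review.
Get-OleMitigationStatus | Format-List
```

Because the function returns an object rather than printing text, the same call can be run across a fleet with `Invoke-Command -ComputerName ... -ScriptBlock ${function:Get-OleMitigationStatus}` and the results exported to CSV, which is the quickest way to find the machines where a user still holds local admin rights or where UAC was quietly switched off.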

It is important to be aware of the latest threats and protect your business from them. Updates and patches are released regularly by companies ensuring a quick fix for the majority of the general public. Your business needs to take advantage of these patches as they become available. Quikteks can apply these updates automatically and remotely with our remote IT maintenance service.

Quikteks can also integrate our Unified Threat Management solution into your network security policy to protect your business from all manners of nasty threats. Our UTM is a comprehensive security solution designed to protect your business from both internal and external threats. For more information about remote maintenance or our UTM solution, give us a call at 973-882-4644.