Vulnerability in Microsoft OLE Could Allow Remote Code Execution


Microsoft is aware of a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. The attack requires user interaction to succeed on Windows clients with a default configuration, as User Account Control (UAC) is enabled and a consent prompt is displayed.

At this time, we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Mitigating Factors:

• In observed attacks, User Account Control (UAC) displays a consent prompt or an elevation prompt, depending on the privileges of the current user, before a file containing the exploit is executed. UAC is enabled by default on Windows Vista and newer releases of Microsoft Windows.

• An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

• In a web-based attack scenario, an attacker could host a website that contains a webpage that contains a specially crafted Office file that is used to attempt to exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.

• Files from the Internet and from other potentially unsafe locations can contain viruses, worms, or other kinds of malware that can harm your computer. To help protect your computer, files from these potentially unsafe locations are opened in Protected View. By using Protected View, you can read a file and see its contents while reducing the risks. Protected View is enabled by default.
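The mitigating factors above all depend on host configuration: UAC must actually be enabled and prompting, the user should not be running as an administrator, and Office Protected View must not have been switched off. The following PowerShell script is an added example, not part of the Microsoft advisory, that reports the state of those three settings on a Windows client. The registry paths are the standard Windows UAC policy key and the per-user Office Protected View key; the Office version number (15.0 for Office 2013) and the assumption that a missing Protected View value means the default (Protected View on) are assumptions you should confirm against your own estate.

```powershell
# Added example (not from the Microsoft advisory): report whether the host-side
# mitigations the advisory relies on are in place.
# Assumptions: standard registry locations; Office version key 15.0 (Office 2013).

function Get-UacState {
    # Standard UAC policy key (assumption: no GPO relocates these values).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA                  # 1 = UAC enabled
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin # 0 = elevate silently (no prompt)
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop      # 1 = prompt on secure desktop
    }
}

function Test-CurrentUserIsAdmin {
    # The advisory notes that fewer user rights means less impact; report which case we are in.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ProtectedViewState {
    param([string]$OfficeVersion = '15.0')   # assumption: Office 2013; adjust for other releases
    foreach ($app in 'PowerPoint', 'Word', 'Excel') {
        $key = "HKCU:\Software\Microsoft\Office\$OfficeVersion\$app\Security\ProtectedView"
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        # A value of 1 in a Disable*InPV setting turns that Protected View trigger off.
        # Assumption: an absent value means the default applies (Protected View on).
        [pscustomobject]@{
            Application               = $app
            InternetFilesPVDisabled   = ($p.DisableInternetFilesInPV -eq 1)
            AttachmentsPVDisabled     = ($p.DisableAttachementsInPV -eq 1)  # Office's own spelling of the value
            UnsafeLocationsPVDisabled = ($p.DisableUnsafeLocationsInPV -eq 1)
        }
    }
}

$uac = Get-UacState
if ($uac.EnableLUA -ne 1) {
    Write-Warning 'UAC is disabled: the consent-prompt mitigating factor does not apply on this host.'
}
if ($uac.ConsentPromptBehaviorAdmin -eq 0) {
    Write-Warning 'Administrators elevate without a prompt: the consent-prompt mitigating factor is weakened.'
}
if (Test-CurrentUserIsAdmin) {
    Write-Warning 'Current user is an administrator: successful exploitation would run with administrative rights.'
}
Get-ProtectedViewState | Format-Table -AutoSize
```

Run it in a normal (non-elevated) session so the `Test-CurrentUserIsAdmin` result reflects the rights an Office process would actually inherit; any `True` in the Protected View columns means that trigger has been disabled for that application and the fourth mitigating factor no longer holds there.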

7 Things That Stood Out At Microsoft’s Windows 10 Unveiling Event


Windows 10 Unveiled

Microsoft shocked the IT industry by skipping the name Windows 9 and going right to Windows 10. Is this a symbolic move to distance itself from the unpopular Windows 8? Or could Microsoft just be looking to foil German speakers who might have been preparing “Windows Nein” jokes?
Whatever the reason, Windows 10 is a big reset for Microsoft and a bid to regain the interest of enterprises that have decided to skip Windows 8. It’s also an attempt at a single OS that runs on everything — from Internet of Things sensor devices all the way up to servers in data centers.
CRN was on hand at Microsoft’s Windows 10 unveiling event in San Francisco, hanging on every word its executives had to say about the OS, which is slated to arrive mid-2015. Following are scenes from the event.

1. Microsoft Intended This To Be A Low-Key Event

Microsoft decided not to have a big, glitzy event to unveil Windows 10, mainly because Windows 8 isn’t popular and doing so would have probably made things worse. Instead, Microsoft chose a small, nondescript event space on San Francisco’s Market Street.
This is the line of media members waiting to get into the Windows 10 event. From first glance, you’d be forgiven for wondering if this was a tech event.

2. Microsoft Execs Enjoyed All The Windows 9 Speculation

It’s clear at this point that Microsoft has figured out how to get its name into the news cycle by dropping hints and various tidbits of information about upcoming products, then watching the media go nuts like a bunch of piranhas.
Before the Windows 10 event kicked off, Microsoft wasn’t showing its cards, as evidenced by the ambiguous Windows signage.
At the event, Terry Myerson, executive vice president of Microsoft’s Operating Systems group, acknowledged that Microsoft has been watching the feeding frenzy of speculation with no small amount of enjoyment.

3. Bill Gates Makes An Appearance (Sort Of)

Bill Gates wasn’t at the event, but a funny photo of a much younger Gates flashed on screen during the event prior to the big reveal.
Myerson teased attendees by suggesting that Microsoft had decided to go with “Windows 1,” then quickly noted that Gates had already done that.
“Windows 1 has been done by the giants that came before us,” Myerson said.

4. The Windows 10 Head Fake

Microsoft dumped a figurative bucket of ice water on everyone who assumed it was going to follow recent convention and call its next OS release Windows 9. Nope, it’s Windows 10!
Why did Microsoft resort to such subterfuge? Myerson hemmed and hawed during a Q&A when asked this question.
But the gist of his response was that Windows 10 is designed to run on all kinds of devices, and also will take into account feedback from customers before it’s finalized. Calling it Windows 9 would have been to understate the wider scope and other changes baked into the OS, Myerson said.

5. Microsoft Is Trying To Win Back Enterprises That Skipped Windows 8

It’s clear that many enterprises have skipped Windows 8 because they didn’t like the touch-infused user interface and didn’t find it useful for getting work done. With Windows 10, Microsoft is trying to win them back.
The Windows Start button, missing in Windows 8, is back, along with other improvements to the way Live Tiles are organized. There’s a single management console for managing PCs, mobile devices and even sensor devices. Add in better security, and you’ve got an OS that enterprises could find compelling enough to give Windows another try.

6. Microsoft Wants Everyone To Give Feedback On Windows 10

Microsoft is running a Windows Insider program in which enterprise customers get a technical preview build of Windows 10 for laptops and desktops, with a build for servers and management tools coming “soon after,” Myerson said.
The Windows Insider program is for people who “know that DLL is not the new OMG; that PXE boot != girl punk band; and that BIOS is not a plant-based fuel,” according to this slide. OK then.

7. Microsoft Says Using Windows 10 Is Like Driving A Tesla

Joe Belfiore, corporate vice president of Microsoft’s Operating Systems group (right), had the best analogy of the day. While Windows 7 and Windows 8 are like driving a Prius, Windows 10 is more like driving a Tesla, he said.
So not only will Windows 10 take you where you want to go today, it’ll also get you there faster.