{"id":3084,"date":"2017-06-12T13:35:01","date_gmt":"2017-06-12T20:35:01","guid":{"rendered":"https:\/\/zed.inguardians.com\/?p=3084"},"modified":"2019-08-19T13:42:15","modified_gmt":"2019-08-19T20:42:15","slug":"powershell-scripts-execute-in-powerpoint-without-macros","status":"publish","type":"post","link":"https:\/\/zed.inguardians.com\/brief\/powershell-scripts-execute-in-powerpoint-without-macros\/","title":{"rendered":"Powershell scripts execute in Powerpoint without macros"},"content":{"rendered":"
PowerShell scripts execute in PowerPoint without macros<\/h5>\n
\n

Issue<\/strong><\/p>\n

Microsoft\u2019s powerful native scripting language, PowerShell, is able to execute inside a PowerPoint presentation without using macros. \u00a0This presents an issue for many organizations that rely on blocking macros or documents with macros to minimize the risk of compromise via Microsoft\u00a0Office documents.<\/p>\n

Impact<\/strong><\/p>\n

InGuardians RedTeam operators used this very technique to compromise one of our toughest clients just last week. \u00a0This is a very real threat posing risk to the information security of your organization. \u00a0Determine which controls and audit measures best fit your security posture and move swiftly to lock down this threat vector.<\/p>\n

Recommendations<\/strong><\/p>\n

InGuardians recommends first determining if systems need PowerShell. \u00a0If needed, ensure PowerShell is up to date. \u00a0Older versions of PowerShell lack many of the security features that version 5 has. Take the necessary steps (outlined here: https:\/\/adsecurity.org\/?p=2604<\/a>) to detect PowerShell being used offensively on your systems.<\/p>\n

Additional Resources<\/strong><\/p>\n

Excellent technical write-up on PowerShell Security:\u00a0https:\/\/adsecurity.org\/?p=2921<\/a><\/p>\n

Recent article on this threat:\u00a0https:\/\/thehackernews.com\/2017\/06\/microsoft-powerpoint-malware.html<\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Powershell scripts execute in Powerpoint without macros Issue Microsoft\u2019s powerful native scripting language, Powershell, is able to execute inside a Powerpoint presentation without using macros. \u00a0This presents an issue for many organizations that rely on blocking macros or documents with macros to minimize the risk of compromise via Microsoft\u00a0Office documents. Impact InGuardians RedTeam operators used […]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[169],"tags":[110,86,97,103,98],"_links":{"self":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/3084"}],"collection":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/comments?post=3084"}],"version-history":[{"count":1,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/3084\/revisions"}],"predecessor-version":[{"id":3085,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/3084\/revisions\/3085"}],"wp:attachment":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/media?parent=3084"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/categories?post=3084"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/tags?post=3084"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}