Object Linking and Embedding Technology: How the Highly Exploited Vulnerability Poses a Major Cybersecurity Threat

July 19, 2020

Object Linking and Embedding (OLE) technology enables Microsoft users to embed or link content created in other software applications into Microsoft files. OLE can enhance user experience and productivity through its ability to create compound documents that draw on a host of software applications, such as Microsoft Windows applications, Corel WordPerfect, Adobe Acrobat, AutoCAD, and multimedia applications. However, despite the benefit of seamlessly transferring data between different applications, numerous disadvantages have been identified with OLE technology, the most prevalent shortcoming being the slew of vulnerabilities that lead to exploitation.

OLE technology has routinely been leveraged by attackers for a variety of purposes, including hiding malicious code within documents and linking to external files that infect systems with malware. In early May, CISA released an alert outlining the Top 10 Routinely Exploited Vulnerabilities, which identified Microsoft’s OLE technology as the most exploited vulnerability among state-sponsored cyber actors:

According to U.S. Government technical analysis, malicious cyber actors most often exploited vulnerabilities in Microsoft’s Object Linking and Embedding (OLE) technology. OLE allows documents to contain embedded content from other applications such as spreadsheets. After OLE the second-most-reported vulnerable technology was a widespread Web framework known as Apache Struts.

With the increased adoption of remote working, content from collaboration platforms such as Microsoft’s suite of software applications is frequently shared among team members. This collaborative work can open organizations up to devastating security incidents and burden IT professionals with continuously patching vulnerabilities as they arise.

How OLE technology poses a major threat to organizations

It is extremely easy for file-borne threats to end up in an employee’s inbox. Threat actors deliver malware payloads to end users via fake content that appears to come from legitimate senders and mimics realistic documents. When interacting with a malicious document, Microsoft users are prompted to click on the embedded content which, when opened, can download and execute a malware payload. Once the network is infected with the payload, enterprise data and sensitive information within the system are at risk of being damaged or stolen. Additionally, OLE-based attacks can slip past detection-based file security solutions that scan for suspicious elements and block some malicious files.
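As an added illustration, not code from the original post or from Votiro, the following Python script enumerates the OLE objects declared inside an OOXML document (docx/xlsx/pptx): the ProgIDs of embedded and linked objects, relationship targets that point outside the package, and the binary payloads stored under the embeddings folder. This is the kind of check a mail gateway or triage script can run to flag documents carrying embedded packages or external OLE links. The sample document, its ProgIDs and its external target path are constructed for the demo.

```python
import io
import re
import zipfile

# Relationship type that OOXML uses for OLE objects, embedded or linked.
OLE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"

def inspect_ooxml(data: bytes) -> dict:
    """Report the OLE objects declared in an OOXML package.

    progids:          ProgID of every <o:OLEObject> found in the part XML
    external_targets: OLE relationships whose target lies outside the package
    embedded_files:   binary objects stored under */embeddings/
    """
    report = {"progids": [], "external_targets": [], "embedded_files": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if "/embeddings/" in name:
                report["embedded_files"].append(name)
            elif name.endswith(".rels"):
                rels = z.read(name).decode("utf-8", "replace")
                for m in re.finditer(r"<Relationship\b[^>]*>", rels):
                    tag = m.group(0)
                    if OLE_REL in tag and 'TargetMode="External"' in tag:
                        t = re.search(r'Target="([^"]*)"', tag)
                        report["external_targets"].append(t.group(1) if t else "?")
            elif name.endswith(".xml"):
                xml = z.read(name).decode("utf-8", "replace")
                for m in re.finditer(r'<o:OLEObject\b[^>]*ProgID="([^"]*)"', xml):
                    report["progids"].append(m.group(1))
    return report

def build_sample_docx() -> bytes:
    """Constructed sample (not a real malicious file): one embedded
    'Package' object plus one OLE link to an external target."""
    doc = ('<w:document><w:body><w:p><w:r><w:object>'
           '<o:OLEObject Type="Embed" ProgID="Package" r:id="rId1"/>'
           '</w:object></w:r><w:r><w:object>'
           '<o:OLEObject Type="Link" ProgID="Word.Document.12" r:id="rId2"/>'
           '</w:object></w:r></w:p></w:body></w:document>')
    rels = ('<Relationships>'
            f'<Relationship Id="rId1" Type="{OLE_REL}" Target="embeddings/oleObject1.bin"/>'
            f'<Relationship Id="rId2" Type="{OLE_REL}" Target="file:///C:/share/x.docx" TargetMode="External"/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", doc)
        z.writestr("word/_rels/document.xml.rels", rels)
        # Placeholder payload that starts with the compound-file (CFB) magic bytes.
        z.writestr("word/embeddings/oleObject1.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_ooxml(build_sample_docx()))
```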

As a result, security professionals constantly have to deploy patches and mitigate vulnerabilities, often many at once, without risking organizational downtime and while maintaining compatibility with existing software. When IT departments are overburdened with patches, cyber hygiene is frequently compromised, opening enterprises up to further risk.

Further, many organizations struggle to keep up with and implement patches, even after vulnerabilities are made public. In December 2019, for instance, we saw reports of Chinese state cyber actors frequently exploiting OLE technology through a vulnerability – CVE-2012-0158 – that the U.S. government flagged several years ago as one of the most frequent breach points. This vulnerability affects Office 2003, 2007 and 2010 and allows attackers remote code execution, which can enable a number of malicious actions, such as installing additional malware or stealing sensitive information.

Why Positive Selection Technology is the ideal solution

When conducting these types of attacks, cybercriminals are able to evade typical antivirus, next-generation antivirus, and sandboxing solutions. Employees everywhere use Microsoft’s suite of applications to carry out necessary business functions, making it unrealistic to block the use of these applications.

New problems require new solutions, such as Votiro’s Secure File Gateway, which uses Positive Selection™ technology to ensure that 100% of files have been neutralized of threats without impacting file usability, including the use of OLE objects or active content. The technology goes beyond predictive analytic methods by singling out only the safe elements of files, thereby neutralizing all existing threats. Those threats include the challenges OLE-based attacks present, both to enterprise cyber security and to IT team resources.

Learn more about how Votiro’s Positive Selection Technology provides a new approach to file security that maximizes productivity without interrupting business operations.