Skip to main content

Warning: Hackers Attacking Via PowerPoint

Microsoft issued a security advisory yesterday saying that hackers are now attacking through an unpatched flaw in Microsoft Office PowerPoint.

On the heels of the big Conficker controversy taking place a few days ago, another threat has surfaced that appears to have more of an immediate impact. According to a security advisory launched by Microsoft yesterday, reports have surfaced that a vulnerability in (Office) PowerPoint could allow remote code execution if a user opens a special PowerPoint file created just for that purpose. The vulnerability affects Office versions 2000 SP3, 2002 SP3, 2003 SP3, and 2004 for Mac.

According to Microsoft, the vulnerability is caused when PowerPoint accesses an invalid object in memory when parsing the malicious file. This creates a condition that allows the attacker to execute arbitrary code. If successful, the attacker can take complete control of the affected system. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," the company said. "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

"At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability," the company added.

As of this writing, Microsoft has not issued an immediate fix. However, the company said the vulnerability would be addressed through the monthly security update release process, or via an out-of-cycle security update. In the meantime, Microsoft suggested that consumers not open or save PowerPoint files received from unknown sources via email or USB drives. Consumers can also use the Microsoft Office Isolated Conversion Environment (MOICE) if those file need to be opened. Additionally, the Microsoft Office File Block policy can restrict the opening of Office 2003 and earlier documents as well.

"Customers in the U.S. and Canada who believe they are affected can receive technical support from Security Support or 1-866-PCSAFETY," Microsoft offered. "There is no charge for support calls that are associated with security updates."

Look for Microsoft to address the PowerPoint vulnerability soon.

  • jhansonxi
    All the way back to Office 2000? That's very good backwards compatibility. :D
    Hopefully someday OpenOffice.org Impress will improve its PowerPoint compatibility so it can support the same exploits.
    Reply
  • Tindytim
    I don't remember the last time I opened an Office document from a source I didn't trust. This goes back to people opening suspicious attachments.
    Reply
  • Microsoft Office 2007 is not affected
    Reply
  • richning28
    Even sources "whom you know" pass on stupid infected powerpoint files!
    Reply
  • richning28
    People whom you & I may trust pass on stupid infected files all the time
    Reply
  • Tindytim
    richning28Even sources "whom you know" pass on stupid infected powerpoint files!I've reformatted 90% of the people's computers I'm in regular e-mail contact with. I wouldn't trust their attachments if I really cared, but I'm using Ubuntu Studio 70% of the time. And as far as Windows goes, I don't keep any important files on my Windows boot, and I use a slip streamed disc that configures and installs all my programs in about an hour. So I'm rather quick to reformat if I have any issues.
    Reply
  • timaahhh
    Well I use open office. And I don't recieve many word documents. Ever attachment I do download is scanend automagically by anti-virus and spyware (avast and adware).
    Reply
  • timaahhh
    edit every* attachment*
    Reply
  • my uncle would ALWAYS send me forwards with a 'funny' powerpoint comic/video/some other excuse for it. I NEVER opened them, why? Cause I never trust powerpoint/word/excel/whatever unless I requested it from them.
    Reply
  • resonance451
    Don't even mention Conficker. That was blown up by the media out of nothing, and you don't need to inflate it by referring to it.
    Reply