Microsoft has confirmed that hackers are using an unpatched flaw in PowerPoint to assault vulnerable systems. The attacks rely on tricking prospective marks into opening a maliciously crafted PowerPoint file, either hosted on a website or sent via email. In both scenarios users would have to open a booby-trapped PowerPoint …
not a flaw in Windows
It's not a flaw in Windows but a flaw in the application :)
Looks like Microsoft are totally
Type your comment here — plain text only, no HTML
Alternatives to Microsoft Applications
Hi. Any news on whether other apps that disply Power Point files are affected? Is this another reason to download Open Office?
Admin rights required?
Is there a general rule about whether this type of application exploit can be effective if the user is running with limited rights? Or does it depend on the nature of the flaw?
Another Week, Another Exploit
Any software running on a PC that consumes files or communications from the outside world, even from trusted friends and colleagues, is a target. Every PC needs two forms of protection. One is the old familiar Anti-Virus/Spyware software that stops known virus, worms, Trojans, and other malware. The other tool is needed to stop the unknown or zero-day malware.
I've opined before, so..."Your Software Applications Cannot be Trusted":
How many weeks ago was Excel similarly in the news?
Middle management suicide figures soar
now that stating the obvious with six bullet points on an ethereal blue background causes more harm than good.
When Paris sighs the world follows.
The application being written by the same company that wrote Windoze...
Fuck off, Bill!
"Any software running on a PC that consumes files or communications from the outside world, even from trusted friends and colleagues, is a target."
You forgot one tiny little thing - you needed to start with "if you're dumb enough to be using Windows and connected to the Internet..."
.. what is meant by death by Powerpoint?
Puh-lease NO PATCH for this one
Also, it would be kewl to use some more malignant stuff as the payload -low-level format of all physical media mounted does spring to mind. Those annoying lusers drowning my mail server by forwarding 100MB ppt "jokes" or "mantras" (for 10 lines of text each) desserve it.
Could be worse.
Most Powerpoint presentations are crafted to exploit a flaw in my brain which makes me want to stab my eyes out. At least this only affects the computer.
At AC in the first post
I suppose technically you could say it is not a flaw in Windows but in the application but since Microsoft produces both and the Office:Mac versions are not affected it is entirely reasonable to hold MS responsible for yet another flaw in their ridiculously flawed operating system.
It is high time that MS were held to account for all the hours of productivity lost to people who are using their products and yet are still at risk of having all their personal info stolen through shoddy and lackadaisical practices from MS. If GM or Ford are responsible when they sell cars with exploding fuel tanks then why is MS not responsible for their crappy products?
Standard Open Sauce Coment
Yes yes - another day another exploit.
Just use linux everyone etc , no viruses , etc
you all know the drill by now.
Yes, this is another reason to download OOo. Mind you, given that it's free, how many reasons do you need?
...that software that is almost 10 years old has a security hole in. People should stop expecting security patches in ancient products and upgrade. Software doesn't come with a lifetime warranty.
Recent exploits should make people realise that Vista + Office 2007 aren't just a new paint job and that you are actually paying for a car with a much stronger chassis.
OpenOffice still isn't up to the job. Microsoft Word 2007 is also hideous, but thankfully there's always plain text and/or latex.
P.S. What's with the ultra crap software model of OpenOffice where if one program (such as Impress) crashes, and it takes down every instance of every other OpenOffice app with it? Surely that can't be good for security either.
P.P.S. There seems to be an abundance of "presentationism" in the corporate world, where a excessive slideshow (which can only be made using clunky Impress and PowerPoint) is used when a simple PDF would suffice.
AssLicker: Hey boss, I've made a snazzy PowerPoint presentation about our sales performance!
Translation: Hey boss, I wasted hours of work time making a crappy presentation when I could have just exported my spreadsheet as a PDF!
- 'Windows 9' LEAK: Microsoft's playing catchup with Linux
- Review A SCORCHIO fatboy SSD: Samsung SSD850 PRO 3D V-NAND
- Was Earth once covered in HELLFIRE? No – more like a wet Sunday night in Iceland
- Every billionaire needs a PANZER TANK, right? STOP THERE, Paul Allen
- Vid MIT boffins cry havoc and let slip the ROBOT CHEETAHS of Whoa