back to article Unpatched PowerPoint flaw spawns Trojan attacks

Microsoft has confirmed that hackers are using an unpatched flaw in PowerPoint to assault vulnerable systems. The attacks rely on tricking prospective marks into opening a maliciously crafted PowerPoint file, either hosted on a website or sent via email. In both scenarios users would have to open a booby-trapped PowerPoint …

COMMENTS

This topic is closed for new posts.
Linux

not a flaw in Windows

It's not a flaw in Windows but a flaw in the application :)

0
0
Anonymous Coward

Looks like Microsoft are totally

Type your comment here — plain text only, no HTML

0
0
Happy

Alternatives to Microsoft Applications

Hi. Any news on whether other apps that disply Power Point files are affected? Is this another reason to download Open Office?

0
0

Admin rights required?

Is there a general rule about whether this type of application exploit can be effective if the user is running with limited rights? Or does it depend on the nature of the flaw?

0
0
Unhappy

Another Week, Another Exploit

Any software running on a PC that consumes files or communications from the outside world, even from trusted friends and colleagues, is a target. Every PC needs two forms of protection. One is the old familiar Anti-Virus/Spyware software that stops known virus, worms, Trojans, and other malware. The other tool is needed to stop the unknown or zero-day malware.

I've opined before, so..."Your Software Applications Cannot be Trusted":

http://www.securitynowblog.com/endpoint_security/computer-software-hijacked-malware-attack-steal

How many weeks ago was Excel similarly in the news?

http://www.securitynowblog.com/endpoint_security/documents-from-known-people-may-infect-pc-malware

Cheers,

Eirik

0
0
Paris Hilton

Middle management suicide figures soar

now that stating the obvious with six bullet points on an ethereal blue background causes more harm than good.

When Paris sighs the world follows.

0
0
Gates Horns

@ AC

The application being written by the same company that wrote Windoze...

Fuck off, Bill!

0
0
Linux

@Eirik Iverson

"Any software running on a PC that consumes files or communications from the outside world, even from trusted friends and colleagues, is a target."

You forgot one tiny little thing - you needed to start with "if you're dumb enough to be using Windows and connected to the Internet..."

0
0

Is this..

.. what is meant by death by Powerpoint?

0
0
Silver badge
Flame

Puh-lease NO PATCH for this one

Also, it would be kewl to use some more malignant stuff as the payload -low-level format of all physical media mounted does spring to mind. Those annoying lusers drowning my mail server by forwarding 100MB ppt "jokes" or "mantras" (for 10 lines of text each) desserve it.

0
0
Anonymous Coward

Could be worse.

Most Powerpoint presentations are crafted to exploit a flaw in my brain which makes me want to stab my eyes out. At least this only affects the computer.

0
0

At AC in the first post

I suppose technically you could say it is not a flaw in Windows but in the application but since Microsoft produces both and the Office:Mac versions are not affected it is entirely reasonable to hold MS responsible for yet another flaw in their ridiculously flawed operating system.

It is high time that MS were held to account for all the hours of productivity lost to people who are using their products and yet are still at risk of having all their personal info stolen through shoddy and lackadaisical practices from MS. If GM or Ford are responsible when they sell cars with exploding fuel tanks then why is MS not responsible for their crappy products?

0
0
Linux

Standard Open Sauce Coment

Yes yes - another day another exploit.

Just use linux everyone etc , no viruses , etc

inherently secure...

etc

you all know the drill by now.

0
0

OpenOffice

Yes, this is another reason to download OOo. Mind you, given that it's free, how many reasons do you need?

0
0
Stop

Not Surprising...

...that software that is almost 10 years old has a security hole in. People should stop expecting security patches in ancient products and upgrade. Software doesn't come with a lifetime warranty.

Recent exploits should make people realise that Vista + Office 2007 aren't just a new paint job and that you are actually paying for a car with a much stronger chassis.

OpenOffice still isn't up to the job. Microsoft Word 2007 is also hideous, but thankfully there's always plain text and/or latex.

0
0
IT Angle

OpenOffice

P.S. What's with the ultra crap software model of OpenOffice where if one program (such as Impress) crashes, and it takes down every instance of every other OpenOffice app with it? Surely that can't be good for security either.

P.P.S. There seems to be an abundance of "presentationism" in the corporate world, where a excessive slideshow (which can only be made using clunky Impress and PowerPoint) is used when a simple PDF would suffice.

AssLicker: Hey boss, I've made a snazzy PowerPoint presentation about our sales performance!

Translation: Hey boss, I wasted hours of work time making a crappy presentation when I could have just exported my spreadsheet as a PDF!

0
0
This topic is closed for new posts.

Forums