Back to the articleLooks like Microsoft are totally #
Posted Friday 3rd April 2009 23:24 GMT
Type your comment here — plain text only, no HTML
Unpatched PowerPoint flaw spawns Trojan attacks
not a flaw in Windows #
Posted Friday 3rd April 2009 15:13 GMT
It's not a flaw in Windows but a flaw in the application :)
Alternatives to Microsoft Applications #
Posted Friday 3rd April 2009 23:24 GMT
Hi. Any news on whether other apps that disply Power Point files are affected? Is this another reason to download Open Office?
Admin rights required? #
Posted Friday 3rd April 2009 23:24 GMT
Is there a general rule about whether this type of application exploit can be effective if the user is running with limited rights? Or does it depend on the nature of the flaw?
Another Week, Another Exploit #
Posted Friday 3rd April 2009 23:24 GMT
Any software running on a PC that consumes files or communications from the outside world, even from trusted friends and colleagues, is a target. Every PC needs two forms of protection. One is the old familiar Anti-Virus/Spyware software that stops known virus, worms, Trojans, and other malware. The other tool is needed to stop the unknown or zero-day malware.
I've opined before, so..."Your Software Applications Cannot be Trusted":
http://www.securitynowblog.com/endpoint_security/computer-software-hijacked-malware-attack-steal
How many weeks ago was Excel similarly in the news?
http://www.securitynowblog.com/endpoint_security/documents-from-known-people-may-infect-pc-malware
Cheers,
Eirik
Middle management suicide figures soar #
Posted Friday 3rd April 2009 23:24 GMT
now that stating the obvious with six bullet points on an ethereal blue background causes more harm than good.
When Paris sighs the world follows.
@ AC #
Posted Friday 3rd April 2009 23:24 GMT
The application being written by the same company that wrote Windoze...
Fuck off, Bill!
@Eirik Iverson #
Posted Monday 6th April 2009 09:36 GMT
"Any software running on a PC that consumes files or communications from the outside world, even from trusted friends and colleagues, is a target."
You forgot one tiny little thing - you needed to start with "if you're dumb enough to be using Windows and connected to the Internet..."
Puh-lease NO PATCH for this one #
Posted Monday 6th April 2009 09:36 GMT
Also, it would be kewl to use some more malignant stuff as the payload -low-level format of all physical media mounted does spring to mind. Those annoying lusers drowning my mail server by forwarding 100MB ppt "jokes" or "mantras" (for 10 lines of text each) desserve it.
Could be worse. #
Posted Monday 6th April 2009 09:36 GMT
Most Powerpoint presentations are crafted to exploit a flaw in my brain which makes me want to stab my eyes out. At least this only affects the computer.
At AC in the first post #
Posted Monday 6th April 2009 09:36 GMT
I suppose technically you could say it is not a flaw in Windows but in the application but since Microsoft produces both and the Office:Mac versions are not affected it is entirely reasonable to hold MS responsible for yet another flaw in their ridiculously flawed operating system.
It is high time that MS were held to account for all the hours of productivity lost to people who are using their products and yet are still at risk of having all their personal info stolen through shoddy and lackadaisical practices from MS. If GM or Ford are responsible when they sell cars with exploding fuel tanks then why is MS not responsible for their crappy products?
Standard Open Sauce Coment #
Posted Monday 6th April 2009 11:48 GMT
Yes yes - another day another exploit.
Just use linux everyone etc , no viruses , etc
inherently secure...
etc
you all know the drill by now.
OpenOffice #
Posted Monday 6th April 2009 11:52 GMT
Yes, this is another reason to download OOo. Mind you, given that it's free, how many reasons do you need?
Not Surprising... #
Posted Thursday 16th April 2009 13:12 GMT
...that software that is almost 10 years old has a security hole in. People should stop expecting security patches in ancient products and upgrade. Software doesn't come with a lifetime warranty.
Recent exploits should make people realise that Vista + Office 2007 aren't just a new paint job and that you are actually paying for a car with a much stronger chassis.
OpenOffice still isn't up to the job. Microsoft Word 2007 is also hideous, but thankfully there's always plain text and/or latex.
OpenOffice #
Posted Thursday 16th April 2009 13:12 GMT
P.S. What's with the ultra crap software model of OpenOffice where if one program (such as Impress) crashes, and it takes down every instance of every other OpenOffice app with it? Surely that can't be good for security either.
P.P.S. There seems to be an abundance of "presentationism" in the corporate world, where a excessive slideshow (which can only be made using clunky Impress and PowerPoint) is used when a simple PDF would suffice.
AssLicker: Hey boss, I've made a snazzy PowerPoint presentation about our sales performance!
Translation: Hey boss, I wasted hours of work time making a crappy presentation when I could have just exported my spreadsheet as a PDF!
Sign up, sign up for The Register's weekly IT security newsletter - click here
Popular Whitepapers
- Thermal design of the Dell PowerEdge T610, R610, and R710 servers
Monolithic thermal design overview - Seven ways to lower storage costs
Using a highly integrated, feature-rich data storage solution - Automating the Acquisition Process with Enterprise Level CRM
Sales Force Automation buyer’s guide - Checklist: Midmarket ERP Solutions
Control your rising business costs - Comparison Guide: IP Phones
Exact details on specific IP Phone features such as function buttons, display resolution, weight and price - Service level monitoring and management
Delivering service excellence across the network
