not a flaw in Windows
It's not a flaw in Windows but a flaw in the application :)
Microsoft has confirmed that hackers are using an unpatched flaw in PowerPoint to assault vulnerable systems. The attacks rely on tricking prospective marks into opening a maliciously crafted PowerPoint file, either hosted on a website or sent via email. In both scenarios users would have to open a booby-trapped PowerPoint …
Any software running on a PC that consumes files or communications from the outside world, even from trusted friends and colleagues, is a target. Every PC needs two forms of protection. One is the old familiar Anti-Virus/Spyware software that stops known viruses, worms, Trojans, and other malware. The other tool is needed to stop the unknown or zero-day malware.
I've opined before, so... "Your Software Applications Cannot be Trusted":
http://www.securitynowblog.com/endpoint_security/computer-software-hijacked-malware-attack-steal
How many weeks ago was Excel similarly in the news?
http://www.securitynowblog.com/endpoint_security/documents-from-known-people-may-infect-pc-malware
Cheers,
Eirik
"Any software running on a PC that consumes files or communications from the outside world, even from trusted friends and colleagues, is a target."
You forgot one tiny little thing - you needed to start with "if you're dumb enough to be using Windows and connected to the Internet..."
Also, it would be kewl to use some more malignant stuff as the payload - low-level format of all physical media mounted does spring to mind. Those annoying lusers drowning my mail server by forwarding 100MB ppt "jokes" or "mantras" (for 10 lines of text each) deserve it.
I suppose technically you could say it is not a flaw in Windows but in the application but since Microsoft produces both and the Office:Mac versions are not affected it is entirely reasonable to hold MS responsible for yet another flaw in their ridiculously flawed operating system.
It is high time that MS were held to account for all the hours of productivity lost to people who are using their products and yet are still at risk of having all their personal info stolen through shoddy and lackadaisical practices from MS. If GM or Ford are responsible when they sell cars with exploding fuel tanks then why is MS not responsible for their crappy products?
...that software that is almost 10 years old has a security hole in. People should stop expecting security patches in ancient products and upgrade. Software doesn't come with a lifetime warranty.
Recent exploits should make people realise that Vista + Office 2007 aren't just a new paint job and that you are actually paying for a car with a much stronger chassis.
OpenOffice still isn't up to the job. Microsoft Word 2007 is also hideous, but thankfully there's always plain text and/or LaTeX.
P.S. What's with the ultra crap software model of OpenOffice where if one program (such as Impress) crashes, it takes down every instance of every other OpenOffice app with it? Surely that can't be good for security either.
P.P.S. There seems to be an abundance of "presentationism" in the corporate world, where an excessive slideshow (which can only be made using clunky Impress and PowerPoint) is used when a simple PDF would suffice.
AssLicker: Hey boss, I've made a snazzy PowerPoint presentation about our sales performance!
Translation: Hey boss, I wasted hours of work time making a crappy presentation when I could have just exported my spreadsheet as a PDF!