bit-tech.net

Zero-day PowerPoint vuln confirmed

Anyone who uses Microsoft's PowerPoint presentation software would do well to be on their guard until this flaw is patched.

Microsoft has coughed to a new zero-day vulnerability in its PowerPoint application which can allow remote code execution should an infected file be opened.

As reported over on BetaNews, the vulnerability – which has been confirmed by Microsoft and is detailed in the company's security advisory number 969136 – allows an attacker to execute code as the user account currently running PowerPoint. If you're running as an administrative account – as was the default in Windows XP and earlier – then said attacker has complete control over your system.

Microsoft is quick to play down the seriousness of the issue, stating that it is “aware only of limited and targeted attacks that attempt to use this vulnerability,” and points out the requirement for user interaction – the opening of the affected PowerPoint file.

A post on Microsoft's Security Research & Defense [sic] blog offers up a few more details regarding the issue: the flaw is being exploited in the wild, and there is no official patch. However, the team offer some advice on mitigating the risk – aside from only opening PowerPoint files from trusted sources: use the new XML file format in PowerPoint 2007 which is unaffected by the flaw; block older binary format files using FileBlock; and force all legacy format files to open in the Microsoft Isolated Conversion Environment.
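As an added illustration of the format-based mitigations above (not code from Microsoft or from this article), the Python below classifies a file by its container signature rather than its extension, so legacy binary files can be held back while the XML format passes. The function names, verdict strings, policy and sample bytes are assumptions constructed for this example.

```python
import io
import zipfile

# Container signatures: OLE2 compound file (legacy binary Office formats)
# versus ZIP (the Office 2007 XML formats).
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
ZIP_MAGIC = b"PK\x03\x04"
OOXML_EXTS = {"pptx", "pptm", "ppsx", "ppsm", "potx", "potm"}

def classify_container(data: bytes) -> str:
    """Identify the container from content, ignoring the file name."""
    if data.startswith(OLE2_MAGIC):
        return "ole2-binary"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "unknown"
        # ppt/presentation.xml is the part name PowerPoint conventionally
        # writes; treating it as the marker is an assumption of this example.
        if {"[Content_Types].xml", "ppt/presentation.xml"} <= names:
            return "ooxml-presentation"
        return "zip-other"
    return "unknown"

def triage(filename: str, data: bytes) -> str:
    """Hypothetical policy: block legacy binaries, allow consistent OOXML."""
    kind = classify_container(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if kind == "ole2-binary":
        return "block"      # hold for conversion or quarantine
    if kind == "ooxml-presentation" and ext in OOXML_EXTS:
        return "allow"
    return "review"         # extension mismatch or unrecognised content

def constructed_samples() -> dict:
    """Constructed inputs: a bare OLE2 header and a minimal OOXML-shaped ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/presentation.xml", "<presentation/>")
    return {"ole2": OLE2_MAGIC + b"\x00" * 504, "ooxml": buf.getvalue()}

if __name__ == "__main__":
    s = constructed_samples()
    for name, blob in [("q1.ppt", s["ole2"]), ("q1.pptx", s["ole2"]),
                       ("q1.pptx", s["ooxml"]), ("q1.ppt", s["ooxml"])]:
        print(name, classify_container(blob), triage(name, blob))
```

Password-protected files in the XML format are also wrapped in an OLE2 container, so this policy holds them back along with genuine legacy files.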

Microsoft has yet to reveal whether a patch will be forthcoming as part of the regular Patch Tuesday release cycle, or if the situation is serious enough to warrant an out-of-cycle update.

Is this latest security flaw enough to convince you to switch to OpenOffice.org, or are you confident that Microsoft will have the issue fixed before it becomes a common attack? Share your thoughts over in the forums.

7 Comments

bowman 6th April 2009, 19:08
Oh my, security flaws in proprietary software? Who would've thought?!

Haven't used MS Office in years. Never will.
Saivert 6th April 2009, 20:02
Troll somewhere else please. I'm sure there are issues with OpenOffice as well.
wafflesomd 6th April 2009, 22:30
Troll? Whatever.

Open office ftw.
bigsharn 7th April 2009, 00:42
Office 2000 cheesecake
Matticus 7th April 2009, 01:53
Quote:
Originally Posted by bowman
Oh my, security flaws in proprietary software? Who would've thought?!

Haven't used MS Office in years. Never will.
Quote:
Originally Posted by Saivert
Troll somewhere else please. I'm sure there are issues with OpenOffice as well.

I once had the flu and my pen and paper kept behaving very strangely.

I keep getting yellowy green shapes and the text would become really blurry.
nitrous9200 7th April 2009, 05:35
Office 2007 = faster on my netbook than OpenOffice on my dual core desktop. I still use it but dread having to start it up every time since I'll have to wait a good 30 seconds until it's finished. And to me it looks like Office 2000/XP with some new icons and a default file format incompatible with the rest of the world. Office 2000 FTW!
ben_jt 7th April 2009, 13:14
ahem...

"[eurl=OpenOffice.org[/eurl]"

Your markup is showing, how rude! :)