In association with heise online

13 October 2006, 17:09

PowerPoint vulnerabilities galore

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The problems seen after the last Microsoft patch day are now becoming a regular feature - once again, shortly after the release of security updates for Excel, PowerPoint and Word, a new exploit has emerged which takes advantage of a previously unknown vulnerability. This time it's again PowerPoint 2003 which is affected. According to the Microsoft Security Response Center, the exploit is currently at the proof of concept stage. So far no prepared documents capable of infecting a PC on being opened have been sighted on the internet. It should be anticipated, however, that this will soon change.

There is method to the timing - "crimeware gangs" have adjusted to Microsoft's release cycle and make use of exploits for vulnerabilities they have discovered but which have not yet been patched shortly after the patch day. They then have four weeks until the next patch day in which users are susceptible to these vulnerabilities - unless Microsoft distributes unplanned updates. Nonetheless, over the last few months prepared office documents have only been used for relatively targeted attacks by e-mail. The majority of users do not therefore seem to be in direct danger, which invites the speculation that Microsoft will take their time in the run up to the November patch day. On Tuesday of this week, the Redmond company fixed four more vulnerabilities in PowerPoint, Excel and Word.

Users should open unrequested Office documents only with extreme caution and in case of doubt should contact the sender. Alternatively they could use for example OpenOffice.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit