Security News

Zero-day vulnerability in PowerPoint spawns Microsoft alert

By Angela Gunn | Published April 3, 2009, 5:07 AM

Ah, the life of a security reporter: You ask Microsoft's communcations managers if the new PowerPoint vulnerability announced Thursday evening is a zero-day vulnerability, currently being exploited in the wild with no patch to shield us, and a spokesperson responds that "At this time, Microsoft is only aware of limited and targeted attacks that attempt to use this vulnerability." In other words, yes.

Security Advisory 969136 describes the new problem as one that can allow remote code execution if the file recipient opens an infected file. The Microsoft Security Research & Defense blog is rather more useful (not to mention straightforward -- yes, they're seeing it out in the wild, used in targeted attacks), recommending several defensive maneuvers while we await a patch. Those include using PowerPoint's newer version of XML, temporarily disabling the binary file format if your organization's using PPTX, and forcing legacy PowerPoint files to open in MOICE. Bloggers Bruce Dang and Jonathan Ness note that this is the first time Office 2003 SP3 (fully patched) has been successfully attacked in the wild since its release in September 2007.

Comments

View comments by with a score of at least

extremely well
Apr 4, 2009 - 3:30 PM

One key piece of info missing in this report is: this exploit does not affect PowerPoint 2007...

Also, it should really state "SP3 for Office 2003 .. which has been released in Sep 2007". It puzzled me for approx 7.2 seconds that "Office 2003 SP3 has been released in 2007". C'mon, who bought Office 2003 in 2007... 99% bought Office 2003 earlier (no SP3) or bought Office 2007 when it was out...

Score: 1

|
Post Reply
extremely well
Apr 4, 2009 - 3:35 PM

Hehehe strange score system we've got here. I was able to mod myself up (should not be allowed), but the stranger thing is when I modded myself down it ignored it! hehehehehe I guess the system (and we all know computers are NEVER wrong) refused to deny my greatness.

j/k ;)

Score: 0

|
Post Reply
extremely well
Apr 4, 2009 - 3:38 PM edited

"Ahh I C" said the blind man. Sys simply doesn't let you CHANGE YOUR MIND. (Or probably more technically precise - REVOTE).

Score: 0

|
Post Reply
Angela Gunn
Apr 6, 2009 - 3:19 AM

Alas, our system is not Chicago-style -- just obstinate. (And believe me, I share your frustration, though on the whole I just wish the ratings system meant... something. Anything.)

Score: 0

|
Post Reply

Google Buzz: Another attempt to harness the content firehose

Similar to how Google successfully remolded RSS into a Google tool, the company now wants to remold Gmail into one big Google party

Success: Google's Nexus One shipping support line takes tech support questions

UPDATED Though the support line had been set up for shipping, it now appears Google personnel are happy to hear technical concerns.

Goodnight, moon: What I learned from a space shuttle

Carmi Levy | Wide Angle Zoom: Can the tech sector learn a few lessons from the space program? Certainly, if you believe in learning from someone else's mistakes.

Netflix to FCC: NBCU + Comcast could bypass net neutrality

Weaning itself from the post office as its main means of video transfer, Netflix would like someone to ensure the Internet remains just as unencumbered.

Rhapsody to become an independent company

RealNetworks and Viacom subsidiary MTV Networks have begun the process of spinning off music service Rhapsody into an independent company.

Nvidia debuts new dynamically-switched graphics card technology

Today, Nvidia announced that its Optimus technology for GPU switching will soon be available in a handful of Asus notebooks.

Google lowers 'unusually high' early termination fee on Nexus One

Google has lowered the Nexus One's early termination fees which were twice as high as the norm.

Netgear and Ericsson introduce a mobile broadband hotspot with a twist

It's a mobile broadband hotspot, but it's for use in the home.

Report: Streaming video drove 72% global increase in mobile data consumption

A new study says streaming video is "the single most influential factor driving the need for increased mobile network capacity."

Stymied by continuing Nexus One 3G issues, Google blames the environment

If you're still afflicted with the 3G flip-flop trouble, then you might consider moving. That appears to be the only suggestion Google can give for now.

Wolfram|Alpha makes a strong argument for virtual keyboards

"Answer engine" Wolfram|Alpha has updated its iPhone/iPod Touch app, harnessing the strength of the virtual keyboard.