Network News

X My Profile
View More Activity

Unpatched Powerpoint Flaw Exploited

Online criminals are taking advantage of an unpatched security hole in Microsoft's Office products again. Security experts say they've spotted a flaw in the Powerpoint slide-presentation program being exploited in the wild.

This undocumented flaw does not appear to have been addressed in any of the 13 security updates Microsoft shipped this week to mend a variety of problems in Office software. As Security Fix and others have noted, some of the work Microsoft has done in hardening the security of the Windows operating system has forced the bad guys to look for lower-hanging fruit in applications that run on top of Windows, so we may see more Office flaws under attack.

Andreas Marx of AV-Test.org notes that hackers appear to be surfacing with new exploits just days after Microsoft's monthly Patch Tuesday cycle has passed, possibly to have more time to exploit vulnerable systems before Redmond issues its next round of updates. Marx said he "just got involved in an industry espionage case where this particular unpatched flaw was used to steal a lot of data." Marx said the loss to corporations from such attacks is immeasurable if competitors gain access to confidential documents or proprietary information.

No word yet from Microsoft about this Powerpoint problem, but I will update this blog with more information should Redmond issue an advisory. As usual, be extremely judicious about downloading and opening attachments that arrive via e-mail. And if all of this Office craziness has you spooked, you might consider switching over to OpenOffice, an open-source and free alternative. It looks and feels a lot like MS Office, and can do pretty much everything Microsoft's products can. If you're interested and would like a primer on OpenOffice, check out this writeup.

Update, July 17, 10:20 p.m. ET: Microsoft this evening issued an advisory on this vulnerability, which it said affects PowerPoint 2000, 2002, and 2003, and that it hoped to have a patch released for it by Aug. 8 or sooner. Microsoft says the flaw is not present in its PowerPoint Viewer 2003 application, which is free. I should note, however, that Microsoft made a similar claim about a Word vulnerability that it first detailed in a remarkably similar advisory in May. At the time, Redmond said its Word Viewer application wasn't vulnerable to the attack, but when it finally released June's batch of patches, it came out that the viewer was in fact also exploitable.

By Brian Krebs  |  July 14, 2006; 10:55 AM ET
Categories:  Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Microsoft Stabs at Blogspam, Pokes Google
Next: EBay Fixes Serious Security Hole in Picture Tool

Comments

Dear Brian,

The writeup to which you kindly provided a link was published in the Linux Journal nearly three and one half years ago. Fortunately, the OpenOffice programmes has undergone significant development during this time, in which many of the issues raised in the comments to the writeup have been addressed. Perhaps readers of your blog who are looking for an alternative to Microsoft Office might be interested in learning about the up-to-date OpenOffice tutorials (http://www.tutorialsforopenoffice.org/) provided on the OpenOffice.org site ?...

Posted by: M Henri Day | July 14, 2006 1:06 PM | Report abuse

Hi M Henri -- Thanks for the link. I'm happy to add that.

Posted by: Bk | July 14, 2006 1:31 PM | Report abuse

I've been a satisfied OpenOffice user for a couple of years -- I started using it originally because it was available on both MS Windows and Linux. As Brian says, it provides very similar functionality to MS Office. In addition, it has an easy-to-use ability to export documents to Adobe's Portable Document Format (.pdf), which the current MS Office does not.

In addition, I've found that OO does a better (=more standards compliant) job of exporting MS Office documents to HTML than MS Office itself does.

Posted by: Rich Gibbs | July 14, 2006 6:08 PM | Report abuse

Recently, OpenOffice was forced to fix security holes of its own. This CNet article provides a very good explanation - http://news.com.com/OpenOffice+patches+three+security+holes/2100-1002_3-6090768.html.

There are other office productivity suites out there that aren't subject to these attacks - including free online services from ThinkFree, Zoho, and Google has even recently entered the arena. They are definitely worth checking out. Not to say that someone won't eventually try, but for now they seem to be a safer bet.

Posted by: Jonathan Crow | July 15, 2006 3:12 AM | Report abuse

Jonathan's link is incorrect. Try

http://news.com.com/2100-1002_3-6090768.html

James

Posted by: James | July 15, 2006 11:33 AM | Report abuse

The only problems with using an online service is that if your connectivity to the service is down for any reason, you can't do much of anything and the other would be security in the form of phishing attacks, potential break-ins on remote servers, etc.

For some people, using one of those services isn't as much of a problem- but they still need to be aware of what they're actually using so they don't have bad mistakes that allow for identity theft, etc.

Posted by: Frank Earl | July 16, 2006 11:44 AM | Report abuse

What is the versions of Power Point affected by this exploit?

Posted by: Octávio | July 16, 2006 9:52 PM | Report abuse

If you run applications such as Powerpoint under a tool like
Polaris (http://en.wikipedia.org/wiki/Polaris_%28computer_security%29), remote code execution exploits won't matter quite so much. Unfortunately Polaris isn't publicly available yet.

Posted by: Mark | July 17, 2006 4:37 AM | Report abuse

If you run applications such as Powerpoint under a tool like
Polaris (http://en.wikipedia.org/wiki/Polaris_%28computer_security%29), remote code execution exploits won't matter quite so much. Unfortunately Polaris isn't publicly available yet.

Posted by: Mark | July 17, 2006 4:39 AM | Report abuse

Thanks, Mark. Thanks, Mark.

Posted by: Pete from Arlington | July 18, 2006 10:56 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company