Microsoft to issue patch for critical PowerPoint hole
Microsoft will issue a patch on Tuesday to fix a critical vulnerability in PowerPoint that could be the same hole that has been exploited in limited and targeted attacks.
The vulnerability affects Microsoft Office 2000, 2003, 2007 and XP, as well as PowerPoint Viewer and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 file formats, according to an advance notification released on Thursday.
In a security advisory in early April, Microsoft warned about a vulnerability in PowerPoint that had been targeted by attacks that were tailored and not widespread.
That vulnerability could be exploited by getting a person to open a PowerPoint file rigged for the attack, the company said. When the file is opened, PowerPoint will access an invalid object in memory. That then allows an attacker to remotely execute code on the system.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.






- by jacquelious May 7, 2009 6:39 PM PDT
- so what are downloading to try to stop the PowerPoint bug? I have school reports to .helppppppppppppp
- by G-Skaf May 8, 2009 1:24 PM PDT
- "That vulnerability could be exploited by *getting a person to open a PowerPoint file rigged for the attack*, the company said. When the file is opened, PowerPoint will access an invalid object in memory. That then allows an attacker to remotely execute code on the system."
- by Dalkorian May 8, 2009 2:45 PM PDT
- "Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights." If you are on Vista or 7, do not disable user account control.
- by Dalkorian May 8, 2009 2:58 PM PDT
- Oh, to appease the M$ apologists in advance ...
- by G-Skaf May 9, 2009 1:05 PM PDT
- That's interesting, I didn't know that. Let's hope all these issues will be fixed in Vista SP2.
Simply don't open files if you don't trust the person or site they are from. Which is what you should be doing anyway, with everything that can be downloaded or received as an attachment.
"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights."
If you are on Vista or 7, do not disable user account control.
-----------------------------------------------------------------------------
No no no no no NO!!! Using a limited account (painful as it can be) is the real "trick" here.
UAC is worse than nothing, it's a security blanket made out of smoke and mirrors. Noble as the thought is, the problem (as usual with M$) is the implementation. People have been able to get around it pretty easily, meaning you don't get prompted. You *THINK* you're safe because you're listening to a liar tell you it's all fine. But under the covers you're getting raped.
Leave UAC on if it makes you feel better, but don't fool yourself into thinking it's a security measure. It's not, it's a lie to make you feel better.
http://news.zdnet.co.uk/security/0,1000000189,39610000,00.htm
http://www.wilderssecurity.com/showthread.php?p=1455996
http://forums.techarena.in/guides-tutorials/1099030.htm
Bottom line - UAC is a joke for masochists who like being lied to while they suffer!
Using a limited account, as you recommend, with UAC is not as painful as it was e.g. in XP or 2000. It will prompt you to enter an administrator's user name and password if you need privileges. No need to change users (ridiculous) or use "Run As...".