Another PowerPoint bug threatens

Microsoft is investigating a report of a new, yet-to-be-fixed security vulnerability in PowerPoint.

Sample attack code that exploits the vulnerability has already been released on the Internet, a Microsoft representative wrote on a corporate blog late last week. Use of the code in an attack could cause a complete system compromise, according to Microsoft.

"The reported proof of concept may allow an attacker to execute code on a user's machine by convincing them to open a specially crafted PowerPoint file," wrote Alexandra Huft, a Microsoft Security Response representative. "We are not aware of any attacks attempting to use the reported vulnerability."

The flaw affects PowerPoint 2003, according to Microsoft. Security monitoring companies Secunia and the French Security Incident Response Team, or FrSIRT, also list earlier versions as vulnerable. FrSIRT deems the issue "critical," while Secunia rates it "highly critical."

"The vulnerability is caused (by) an unspecified error when processing PowerPoint presentations," Secunia wrote in an advisory. For protection, people should not open Office documents received from untrustworthy sources, FrSIRT advices.

Word of the new PowerPoint flaw came only days after Microsoft last week released a slew of patches for Windows and Office. Several of the Office fixes were for flaws that also had previously been disclosed and some had been used in targeted cyberattacks.

Miscreants are taunting Microsoft with zero-day code, or attack code released immediately after a flaw or patch is made public, experts have said. Some security watchers have started to coin the term "zero-day Wednesday" to come after "Patch Tuesday," Microsoft's patch day on the second Tuesday of each month.

[Microsoft_Facts]

Get the facts straight!

If you have any Microsoft products on your computer, you are 100+ times more vulnerable to attacks.

[Vegaman_Dan]

Platform independant

It doesn't matter if you have a Mac or PC, your system is most vulnerable when you turn it on. These flaws are caused by twits and nolifs who live to cause trouble for others. It doesn't seem to make a difference what label is on the outside of the case.

[Ryo Hazuki]

Get a life!

It's more correct if I say that by having Microsoft Windows Defender on your computer you are 100+ times less vulnerable to attacks.

[aabcdefghij987654321]

Zero Day Wednesday

But this news isn't coming on a Wednesday! In fact I seem to recall only a couple time that an exploit for a patch released on Tuesday showed up the next day.

Perhaps the author of this article needs to do a little more research and not just continue to use the same hackneyed phrase over and over as if repetition will make it true.

(Note: That aside it is disappointing that we seem to be getting a never ending flow of exploits).