Microsoft is investigating a report of a new, yet-to-be-fixed security vulnerability in PowerPoint.
Sample attack code that exploits the vulnerability has already been released on the Internet, a Microsoft representative wrote on a corporate blog late last week. Use of the code in an attack could cause a complete system compromise, according to Microsoft.
"The reported proof of concept may allow an attacker to execute code on a user's machine by convincing them to open a specially crafted PowerPoint file," wrote Alexandra Huft, a Microsoft Security Response representative. "We are not aware of any attacks attempting to use the reported vulnerability."
The flaw affects PowerPoint 2003, according to Microsoft. Security monitoring companies Secunia and the French Security Incident Response Team, or FrSIRT, also list earlier versions as vulnerable. FrSIRT deems the issue "critical," while Secunia rates it "highly critical."
"The vulnerability is caused (by) an unspecified error when processing PowerPoint presentations," Secunia wrote in an advisory. For protection, people should not open Office documents received from untrustworthy sources, FrSIRT advises.
Word of the new PowerPoint flaw came only days after Microsoft last week released a slew of patches for Windows and Office. Several of the Office fixes were for flaws that had also been previously disclosed, and some had been used in targeted cyberattacks.
Miscreants are taunting Microsoft with zero-day code, or attack code released immediately after a flaw or patch is made public, experts have said. Some security watchers have started to coin the term "zero-day Wednesday" to come after "Patch Tuesday," Microsoft's patch day on the second Tuesday of each month.
It doesn't matter if you have a Mac or PC, your system is most vulnerable when you turn it on. These flaws are caused by twits and nolifs who live to cause trouble for others. It doesn't seem to make a difference what label is on the outside of the case.
But this news isn't coming on a Wednesday! In fact, I seem to recall only a couple of times that an exploit for a patch released on Tuesday showed up the next day.
Perhaps the author of this article needs to do a little more research and not just continue to use the same hackneyed phrase over and over as if repetition will make it true.
(Note: That aside, it is disappointing that we seem to be getting a never-ending flow of exploits).