PowerPoint users warned over security flaw
Microsoft is warning users to take particular care opening suspicious PowerPoint documents. That’s because hackers are exploiting a flaw which hasn’t yet been patched by the firm.
The problem affects the 2000, 2002 and 2003 editions of PowerPoint for Windows plus Office 2004 for Macs. Other editions and the free viewers are not affected.
The bad news is that the vulnerability could allow a hacker to gain remote control of a computer (though this would be limited if the computer is running a standard rather than administrator account). The good news is that it only works if the user opens an infected PowerPoint document.
Microsoft has confirmed it’s aware of “limited and targeted attacks” that attempt to exploit the vulnerability. The firm is still deciding how to plug the security gap: it could issue a patch in the next scheduled Windows Update on April 14, or issue an out-of-cycle update (an emergency patch) beforehand.
That would make three such out-of-cycle updates in six months, a potential embarrassment, though there’s no evidence Microsoft has ever delayed a genuinely necessary update to avoid bad publicity.
For home users, the best advice right now is to be ultra-cautious with PowerPoint documents until the problem is patched. As well as the usual advice of only opening documents from trusted sources, it’s probably safest right now to only open a PowerPoint file where you know the sender has created it themselves rather than forwarding it.
For business users with networks, the situation is a little more complex, though there are steps you can take to protect yourself. The Microsoft security blog has some useful tips of minimizing the risks while still being able to handle PowerPoint documents.
Related Posts:
