Zero-day Windows exploit could come via PowerPoint

PowerPoint slides are the latest weapon hackers are using to get into many versions of Windows.

Microsoft issued a security advisory this week on a vulnerability affecting all supported versions of Windows except Windows Server 2003. So far, Microsoft says, the delivery vehicle is PowerPoint, but it could be any Office file with a malicious OLE object. PCs with User Account Control enabled will display a prompt asking the user to allow the operating system to be modified, but if the user approves it, the deed is done.

“The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object,” Microsoft warns. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”

Another possible attack method is via the Web, if an attacker lured a user, perhaps through a link in an email or SMS message, to a website hosting a page that contains a specially crafted Office file with the OLE object. In all cases, however, an attacker would have no way to force users to visit these websites.

Security researcher Graham Cluley in a blog written for Lumension notes that Microsoft has a temporary fix for some PowerPoint versions. And users need to be warned not to open PowerPoints — or any other file — from unknown or untrusted sources. But, Cluley adds, that isn’t a substitute for a proper security patch.

At Computerworld U.S., Gregg Keizer said the vulnerability looks similar to one that Microsoft patched last week in its usual second-Tuesday-of-the-month fixes. He also drew attention to a blog from McAfee, which said that last week's patch isn’t robust enough to shut the door on the Windows vulnerability.

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]
