PowerPoint Vulnerability Is Taking Its BoutsNot even 24 hours had passed since September 28, 2006 when Microsoft designed and released a patch for VML (Vector Markup Language) flaw that a new 'zero-day' attack emerged exploiting vulnerability in Microsoft PowerPoint. In a security advisory Microsoft stated that it was scrutinizing the recent 'zero-day' attacks using the vulnerability in PowerPoint 2000, PowerPoint 2002, Office PowerPoint 2003, PowerPoint 2004 for Mac, and PowerPoint 2004 (version X) for Mac. The advisory further noted that a successful attack relied on the user opening a malicious PowerPoint file attached to an e-mail sent by the attacker. Once the investigations are done, Microsoft has promised to take proper steps to handle the issue. This could mean providing a security update via Microsoft's monthly releases or providing an out-of-cycle security patch depending on the requirements of the customers. In the opinion of FSIRT (French Security Incident Response Team), the PowerPoint loophole is exploited the way the files are used. A hacker could trick a victim into opening an infected file in order to execute random codes on his/ her personal computer. According to Craig Schmugar of McAfee, the malware exploiting the vulnerability presently has two variants - Trojan.Controlppt-X and Trojan.Controlppt-W, alternatively known as Exploit-PPT-d and PPDropper-F. The exploits are the same but in two different packages. The vulnerability allows the attacker to introduce whatever code he wishes into the hacked computer. People believe that Microsoft has discovered the flaw in PowerPoint long back and therefore, accused of not revealing the news. It is quite possible that the anti-virus wing of Microsoft wasn't aware of what had happened or didn't communicate it with others in the company. But it is sure that Microsoft security side didn't miss the loophole and just didn't want to disclose the vulnerability before the patch was found. Microsoft has recommended users to use 'PowerPoint 2003 Viewer' for opening or viewing files till a patch is released, as this version of PowerPoint is not vulnerable to the exploit. It has also advised users not to open PowerPoint documents from un-trusted sources, as they could be infected files vulnerable to the exploit. Related article: Proofpoint Lists Top Five E-Mail Blunders in 2008 » SPAMfighter News - 10/5/2006 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
