PowerPoint Flaw questions Microsoft’s testing quality
The 'catch me if u can' challenge that hackers has been posing against the software biggie-Microsoft Corp. for years has further intensified, just when the company was attempting to address a number of major problems faced by computer users.
October 10, 2006,a record 26 security fixes were released by the company for Windows operating system as well as the extensively used Office programs like Excel, Word, and Outlook. Hackers have resumed their activities again, positing information on the Internet about loopholes in PowerPoint 2003 version that is extensively used Office programs among the business and student community.
Security firms say that this new vulnerability is "highly critical" and has been caused being caused due to 'unspecified error' that occur when PowerPoint presentations are processed.
A blog posting of Microsoft's Security Response Center says that the company knows about the proof-of-concept code that affects Microsoft Office 2003 PowerPoint presentations. The blog post explains that the this 'proof-of-concept' code allows hackers to execute the hacker designed code on the user's machine by tempting users to click on a PowerPoint file. The post notes that Microsoft has been evaluating and monitoring the flaw, but is not aware of any actual attacks.
Hackers have been widely publishing the exploit code after Microsoft had earlier undertaken an attempt to track the security vulnerabilities. Attackers have been escalating their efforts directing them against the popular Redmond client-side applications. Among the ten fixes released earlier four of them have been designed for undoing flaws in Office programs.
The hike in attacks in turn brings Microsoft's testing standard under scrutiny and it makes us wonder as to whether the giants influence as a software world leader is challenged or it's all a media doing. Microsoft has made the details of this latest vulnerability in PowerPoint public on its website. The company also advises use of sensible computing tips in the absence of a patch.
Related article: Proofpoint Lists Top Five E-Mail Blunders in 2008
» SPAMfighter News - 18-10-2006