PowerPoint flaw leads to zero-day attacksBy Derek Sooman
Yet another serious security problem has hit Microsoft, this time affecting the PowerPoint application that is part of Microsoft Office. It has been revealed that a flaw in the application could allow a malevolent attacker to run malicious code, and that this issue can affect both Windows and Apple Mac versions of the software. The vulnerability is believed to affect Microsoft PowerPoint 2000/2002/2003. Seemingly, there have already been reports of limited "zero-day" attacks using this flaw.
The Microsoft security advisory on this flaw had this to say:
In order for this attack to be carried out, a user must first open a malicious PowerPoint file attached to an e-mail or otherwise provided to them by an attacker.
As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.
Graham Cluley, senior technology consultant at Sophos, said it had been a "bad few weeks" for Microsoft, what with the recent major problem with the Vector Markup Language (VML) in Internet Explorer, and now this. Sophos is warning users to be extra careful when opening unsolicited files.