|
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
Newsletter Archives
-
Another PowerPoint 0day
Microsoft just posted Security Advisory 969136, which talks about a newly discovered 0day security hole in PowerPoint. If you use PowerPoint 2000, 2002 (the version in Office XP) or 2003, you’re vulnerable. PowerPoint 2007 dodges the bullet.
If you open a malevolent PPT file – whether you downloaded it, or the file came attached to an email message – PowerPoint’s input routine (called a “parser”) can be made to hiccup, and run a program buried in the slideshow. You won’t even know that it’s happening.
Quoth Microsoft: “So far we’re aware of several distinct exploit files which have been used. They all seem to be used only in targeted attacks and therefore the number of affected customers is very low.”
Microsoft recommends that you use MOICE to automatically convert files to PowerPoint 2007 format (PPTX) and back. The round-trip plugs this security hole. For more info, see Security Advisory 969136.
There’s a detailed discussion of the hole on the MS Security Research Center blog. You can see several examples on the Microsoft Malware Protection Center blog.
In general, you don’t need to worry about it at home, but if you work for a large company – or one with systems worth cracking – it would be wise to avoid opening PPT files unless you know their precise pedigree. Even better, install MOICE. It’s relatively painless.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Asking Again here (New User and Fast change only backups)
by 3 hours, 13 minutes ago
-
How much I spent on the Mac mini
by 3 hours, 20 minutes ago
-
How to get rid of Copilot in Microsoft 365
by 3 hours, 12 minutes ago
-
Spring cleanup โ 2025
by 9 hours, 5 minutes ago
-
Setting up Windows 11
by 2 hours, 8 minutes ago
-
VLC Introduces Cutting-Edge AI Subtitling and Translation Capabilities
by 4 hours, 33 minutes ago
-
Powershell version?
by 5 hours, 26 minutes ago
-
SendTom Toys
by 6 minutes ago
-
Add shortcut to taskbar?
by 9 hours, 22 minutes ago
-
Sycophancy in GPT-4o: What happened
by 1 day, 1 hour ago
-
How can I install Skype on Windows 7?
by 1 day ago
-
Logitech MK850 Keyboard issues
by 7 hours, 21 minutes ago
-
We live in a simulation
by 1 day, 15 hours ago
-
Netplwiz not working
by 1 day, 2 hours ago
-
Windows 11 24H2 is broadly available
by 2 days, 4 hours ago
-
Microsoft is killing Authenticator
by 15 hours, 55 minutes ago
-
Downloads folder location
by 2 days, 10 hours ago
-
Remove a User from Login screen
by 1 day, 6 hours ago
-
TikTok fined โฌ530 million for sending European user data to China
by 2 days, 1 hour ago
-
Microsoft Speech Recognition Service Error Code 1002
by 2 days, 1 hour ago
-
Is it a bug or is it expected?
by 4 hours ago
-
Image for Windows TBwinRE image not enough space on target location
by 2 days, 1 hour ago
-
Start menu jump lists for some apps might not work as expected on Windows 10
by 1 day ago
-
Malicious Go Modules disk-wiping malware
by 2 days, 14 hours ago
-
Multiple Partitions?
by 2 days, 15 hours ago
-
World Passkey Day 2025
by 11 hours, 32 minutes ago
-
Add serial device in Windows 11
by 3 days, 23 hours ago
-
Windows 11 users reportedly losing data due forced BitLocker encryption
by 2 days ago
-
Cached credentials is not a new bug
by 4 days, 4 hours ago
-
Win11 24H2 Slow!
by 4 hours, 35 minutes ago
Remembering Woody
