Newsletter Archives

  • MS-DEFCON 2: PowerPoint Patch Posted

    Posted on May 14, 2009 at 10:25 CDT by Comment in the Forums

    Black Tuesdays just aren’t as exciting as they once were.

    This month, we get just one security bulletin – and it’s only really important if you use PowerPoint 2000.

    Hang in there. Let’s see if MS gets all of the problems ironed out with the earlier patches.

    We’re still at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

    Uncategorized ,

  • Another PowerPoint 0day

    Posted on April 3, 2009 at 08:46 CDT by Comment in the Forums

    Microsoft just posted Security Advisory 969136, which talks about a newly discovered 0day security hole in PowerPoint. If you use PowerPoint 2000, 2002 (the version in Office XP) or 2003, you’re vulnerable. PowerPoint 2007 dodges the bullet.

    If you open a malevolent PPT file – whether you downloaded it, or the file came attached to an email message – PowerPoint’s input routine (called a “parser”) can be made to hiccup, and run a program buried in the slideshow. You won’t even know that it’s happening.

    Quoth Microsoft: “So far we’re aware of several distinct exploit files which have been used. They all seem to be used only in targeted attacks and therefore the number of affected customers is very low.”

    Microsoft recommends that you use MOICE to automatically convert files to PowerPoint 2007 format (PPTX) and back. The round-trip plugs this security hole. For more info, see Security Advisory 969136.

    There’s a detailed discussion of the hole on the MS Security Research Center blog. You can see several examples on the Microsoft Malware Protection Center blog.

    In general, you don’t need to worry about it at home, but if you work for a large company – or one with systems worth cracking – it would be wise to avoid opening PPT files unless you know their precise pedigree. Even better, install MOICE. It’s relatively painless.

    Office Patches/Security , ,
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.