Microsoft warns of Windows 0-day hack via PowerPoint

Presentation picture
PowerPoint files can bring in all sort of nasties

Using Windows? Then be wary of PowerPoint files sent to you as they might be a doorway for hackers to take control of your computer.

Microsoft has issued a security advisory regarding a vulnerability in in its OLE (Object Linking and Embedding) feature that could allow a third-party to execute code remotely.

OLE has been a very useful feature available in Microsoft Office applications for nearly a quarter of a century now and allows you to bring a file within another (e.g. a video in a document).

While OLE-linked advisories have been issued in the past, what makes this one worthy of notice is the fact that it is unpatched and affects all versions of Windows bar Server 2003.

Not everyone however is convinced of its importance. Tripwire's Lamar Bailey reckons that it is not a major issue.

He added "The vulnerability is just an escalation of privilege issue and requires a watering hole attack and/or persuading the victim to open a file to exploit."

In other word, the target needs to do most of the leg work – and be gullible enough - in order for the trick to work.

If you don't open PowerPoint files from unknown sources and have UAC (User Account Control), then it's likely that you're not a risk.

TOPICS
Desire Athow
Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.