Skip to main content

Microsoft warns of Windows 0-day hack via PowerPoint

Presentation picture
PowerPoint files can bring in all sort of nasties

Using Windows? Then be wary of PowerPoint files sent to you as they might be a doorway for hackers to take control of your computer.

Microsoft has issued a security advisory regarding a vulnerability in in its OLE (Object Linking and Embedding) feature that could allow a third-party to execute code remotely.

OLE has been a very useful feature available in Microsoft Office applications for nearly a quarter of a century now and allows you to bring a file within another (e.g. a video in a document).

While OLE-linked advisories have been issued in the past, what makes this one worthy of notice is the fact that it is unpatched and affects all versions of Windows bar Server 2003.

Not everyone however is convinced of its importance. Tripwire's Lamar Bailey reckons that it is not a major issue.

He added "The vulnerability is just an escalation of privilege issue and requires a watering hole attack and/or persuading the victim to open a file to exploit."

In other word, the target needs to do most of the leg work – and be gullible enough - in order for the trick to work.

If you don't open PowerPoint files from unknown sources and have UAC (User Account Control), then it's likely that you're not a risk.

Desire Athow

Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology in a career spanning four decades. Following an eight-year stint at where he discovered the joys of global techfests, Désiré now heads up TechRadar Pro. He has an affinity for anything hardware and staunchly refuses to stop writing reviews of obscure products or cover niche B2B software-as-a-service providers.