Skip to main content

Microsoft warns of Windows 0-day hack via PowerPoint

Presentation picture
PowerPoint files can bring in all sort of nasties

Using Windows? Then be wary of PowerPoint files sent to you as they might be a doorway for hackers to take control of your computer.

Microsoft has issued a security advisory regarding a vulnerability in in its OLE (Object Linking and Embedding) feature that could allow a third-party to execute code remotely.

OLE has been a very useful feature available in Microsoft Office applications for nearly a quarter of a century now and allows you to bring a file within another (e.g. a video in a document).

While OLE-linked advisories have been issued in the past, what makes this one worthy of notice is the fact that it is unpatched and affects all versions of Windows bar Server 2003.

Not everyone however is convinced of its importance. Tripwire's Lamar Bailey reckons that it is not a major issue.

He added "The vulnerability is just an escalation of privilege issue and requires a watering hole attack and/or persuading the victim to open a file to exploit."

In other word, the target needs to do most of the leg work – and be gullible enough - in order for the trick to work.

If you don't open PowerPoint files from unknown sources and have UAC (User Account Control), then it's likely that you're not a risk.

Desire Athow

Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Then followed a weekly tech column in a local business magazine in Mauritius, a late night tech radio programme called Clicplus and a freelancing gig at the now-defunct, Theinquirer, with the legendary Mike Magee as mentor. Following an eight-year stint at ITProPortal.com where he discovered the joys of global techfests, Désiré now heads up TechRadar Pro. He has an affinity for anything hardware and staunchly refuses to stop writing reviews of obscure products or cover niche B2B software-as-a-service providers.