Thursday, April 9, 2009

Microsoft PowerPoint Warning

On 3 April Microsoft announced that it was investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. At this time, the UK Govt is aware only of limited and targeted attacks that attempt to use this vulnerability.

The UK’s Centre for the Protection of National Infrastructure has advised that additional care be exercised when using Microsoft Powerpoint.

Company IT departments will eventually patch a solution, once it is provided by Microsoft, but it should be emphasised that unsolicited PowerPoints (or those found on the Internet) should never be opened.

Some former ARC delegates on special occasions circulate self-extracting PowerPoints containing greetings or words of wisdom. These may inadvertently be used to transmit malicious payloads and should always be deleted without opening, and the sender advised of the dangers – and the need to get their own PC checked for the presence of malware.