Feeds

Another day, another zero-day MS exploit

PowerPoint threat to PCs and Macs

Secure remote control for conventional and virtual desktops

Business users are being encouraged to be more cautious when opening PowerPoint files following the discovery of an as yet unpatched flaw in Microsoft's office application.

Attackers might take advantage of the flaw to run hostile code on either Windows or Mac computers running various versions of the application. The security bug stems from an unspecified flaw in processing PowerPoint documents containing a malformed string, Secunia explains.

The vulnerability affects Microsoft PowerPoint 2000, Microsoft PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft PowerPoint 2004 for Mac and Microsoft PowerPoint v. X for Mac, according to an advisory from Microsoft.

Net security firm McAfee has already identified a Trojan that attempts to exploit the vulnerability on compromised Windows machines. The SANS Institute's Internet Storm Centre advises on steps to take to defend against the threat here.

The security flap over PowerPoint caps a bad week for Microsoft, which saw the release of an unscheduled patch to combat a serious day zero vulnerability in Internet Explorer (involving the handling of Vector Markup Language files) on Tuesday.

This isn't the first time a day zero vulnerability has been discovered in Microsoft PowerPoint, either. In a similar incident back in July, Chinese hackers exploited a different PowerPoint flaw in order to infect vulnerable Windows systems with a key-logging Trojan (dubbed Edepol-C), anti-virus firm Sophos reports. ®

Beginner's guide to SSL certificates

More from The Register

next story
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Post-Microsoft, post-PC programming: The portable REVOLUTION
Code jockeys: count up and grab your fabulous tablets
Twitter App Graph exposes smartphone spyware feature
You don't want everyone to compile app lists from your fondleware? BAD LUCK
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.