Dark Reading
Risky Business
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Topics:
SophosLabs Insights
IT Staff Wait For Critical Zero-Day PowerPoint Fix
You may have experienced the soul-destroying feeling of sitting through a far-too-long corporate presentation, but a new critical flaw could deliver a far more serious case of "Death by PowerPoint." Yes, IT system administrators are being warned today about a critical security vulnerability in select versions of Microsoft PowerPoint, which is being used by hackers to install malicious code without user intervention. Microsoft has confirmed that a critical vulnerability exists in some versions of Microsoft Office PowerPoint, which is allowing malicious attackers to run unauthorized code on users' computers. Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3, Microsoft Office PowerPoint 2003 Service Pack 3, and Microsoft Office 2004 for Mac are all affected. Meantime, users of current versions -- Microsoft Office PowerPoint 2007 and Microsoft Office for Mac 2008 -- can breath easy. Of course, PowerPoint is commonly used in the business environment for delivering corporate presentations, and hackers are attempting to trick workers into opening malicious PPT attachments that could exploit the flaw and install malware onto computers. Sophos has seen a number of samples of malware exploiting the vulnerability, and will shortly be releasing protection against them as Troj/ExpPPT-A. You can read more about our assessment of the vulnerability in our analysis. So the big question is...when will Microsoft get its patch out? Its next scheduled megapatch is due on Tuesday, April 14, but it's unclear whether they will be able to create and properly test a fix in time for distribution. In the meantime, cybercriminals have a window of opportunity to infect computers. Be warned: They've shown themselves not to be slow coaches when it comes to taking advantage of a weakness like this. So take action now. Make sure your antivirus software is configured to automatically update as security vendors rush out detection routines, and ensure your staff knows not to open unsolicited or unknown PowerPoint files -- just in case they are carrying a dangerous payload.
« Getting Physical With Workstation Security | Main | Scanning Flash Apps For Insecurities » |
| Sign up now for the weekly InformationWeek Blog Newsletter. |
This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
Related Content |
Sponsored by: |
Sophos Security Threat Report: 2010
How To Protect Your Critical Information Easily
