A few months ago it was Microsoft Word. More recently it was Excel. Now PowerPoint is under attack through a critical hole. Why is there such a rash of Office flaws?
This article appears in the December 06 issue of PC Advisor. Available now in all good newsagents.
Partly, it’s because 'black hat' hackers now have cracking tools called 'fuzzers' that can automatically run through thousands of combinations of programming calls to find the one (or the dozens) that will crash a program. Such holes fetch good money from valid security firms that pay bounties, as well as from the online black market.
In addition, vulnerabilities are cropping up at a faster rate in popular applications, such as web browsers and media players, than in Windows – a fact not lost on crackers. When they find a hole in Office, for example, they can mix-and-match an exploit that hits it with existing viruses and other malware, making for a quick attack that strikes before a patch appears. It's much the same as adding the latest targeting system to an existing missile.
Attackers did just that with the PowerPoint hole, which affects versions 2000, 2002 and 2003. As with the other Office flaws mentioned here, if you open a poisoned file from a website or an email attachment, an attacker can take control of your PC.
A second Office patch, sent via Automatic Updates, eliminates three other holes in the major applications of Office 2000 to 2003. The risk is rated critical only for Office 2000 and important for other Office versions. The difference is, however, that you get a minimal pop-up warning if you try to open a poisoned file, so get the update regardless of your version. More details can be found here.
Finally, Microsoft has fixed two critical holes involving the way that both Office and Works handle the display of certain image formats, specifically, PNG (portable network graphics) and GIF (graphics interchange format). No attacks occurred prior to Microsoft’s release of the patch. The patch is critical only for Office 2000 and you can get it via Automatic Updates or here.