We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

PowerPoint becomes hackers' target

A few months ago it was Microsoft Word. More recently it was Excel. Now PowerPoint is under attack through a critical hole. Why is there such a rash of Office flaws?

This article appears in the December 06 issue of PC Advisor. Available now in all good newsagents.

Partly, it’s because 'black hat' hackers now have cracking tools called 'fuzzers' that can automatically run through thousands of combinations of programming calls to find the one (or the dozens) that will crash a program. Such holes fetch good money from valid security firms that pay bounties, as well as from the online black market.

In addition, vulnerabilities are cropping up at a faster rate in popular applications, such as web browsers and media players, than in Windows – a fact not lost on crackers. When they find a hole in Office, for example, they can mix-and-match an exploit that hits it with existing viruses and other malware, making for a quick attack that strikes before a patch appears. It's much the same as adding the latest targeting system to an existing missile.

Attackers did just that with the PowerPoint hole, which affects versions 2000, 2002 and 2003. As with the other Office flaws mentioned here, if you open a poisoned file from a website or an email attachment, an attacker can take control of your PC.

Head here for the patch. The PowerPoint hole is much the same as the Excel vulnerabilities, which Automatic Updates has corrected. You can get the Excel fixes and more information here.

A second Office patch, sent via Automatic Updates, eliminates three other holes in the major applications of Office 2000 to 2003. The risk is rated critical only for Office 2000 and important for other Office versions. The difference is, however, that you get a minimal pop-up warning if you try to open a poisoned file, so get the update regardless of your version. More details can be found here.

Finally, Microsoft has fixed two critical holes involving the way that both Office and Works handle the display of certain image formats, specifically, PNG (portable network graphics) and GIF (graphics interchange format). No attacks occurred prior to Microsoft’s release of the patch. The patch is critical only for Office 2000 and you can get it via Automatic Updates or here.

IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

Chromebooks: ready for the prime time (but not for everybody)

IDG UK Sites

Hands-on with Sony's latest smartglasses

IDG UK Sites

The 13 most inspirational Tim Cook quotes