Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×

PowerPoint ZeroDay Vulnerability Exploited 140

Posted by Zonk from the microsoft's-least-favorite-day dept.
whitehatlurker writes to mention a WashingtonPost.com article about another unpatched flaw with Microsoft Office. The bug, part of the PowerPoint software, has already been used in the wild, and may be connected to an industrial espionage case. From the article: "This undocumented flaw does not appear to have been addressed in any of the 13 security updates Microsoft shipped this week to mend a variety of problems in Office software. As Security Fix and others have noted, some of the work Microsoft has done in hardening the security of the Windows operating system has forced the bad guys to look for lower-hanging fruit in applications that run on top of Windows, so we may see more Office flaws under attack."
This discussion has been archived. No new comments can be posted.

PowerPoint ZeroDay Vulnerability Exploited More

PowerPoint ZeroDay Vulnerability Exploited

Comments Filter:

  • Re:Office Vulnerabilities (Score:3, Informative)

    by blowdart ( 31458 ) on Sunday July 16, 2006 @06:58AM (#15727476) Homepage
    It depends how they update windows. If they've switched from windowsupdate [microsoft.com] to microsoftupdate [microsoft.com] then Office updates will be included (as well as updates for some server software like SQL 2005). The switch also changes the automatic update software.

  • Do you really need powerpoint or similar? (Score:3, Informative)

    by dbIII ( 701233 ) on Sunday July 16, 2006 @07:32AM (#15727540)
    The question people need to ask is not, "why should I switch to OpenOffice"
    The question people should have been asking since 1992 is "why should I be doing a powerpoint or clone of it when a web presentation of some form can be used later and will work on something that is available if my laptop does not like the projector, gets dropped or other problems." Going out to buy the latest version of MS Office a few minutes before the presentation because some guy has a powerpoint presentation with embedded avi files that won't work with anything else is somewhat annoying.

    There are web content tools designed to work well even for your average aging office typist who is scared of computers.

  • you've got machines with RAM to spare,

    What? Office ain't light on ram either boy.

    you're not going to need support,

    I've never known Microsoft to allow any arbitrary Office user to phone them up...

    You're not going to need the pre-written macro code which is everywhere for Office,

    If I wanted to script my documents, I'd use LaTeX and do it properly.

    you don't need the excellent VBA IDE,

    ??? What is that?

    you don't need the excellent documentation,

    I've found that most of their documentation doesn't cover odd corner cases, that "clippy" is useless and trial and error is usually the best way to go with either suite.

    As to the rest ... the fact that others don't use it is self-serving. That's not a feature of Office, it's a result of the monopoly MSFT tries to establish. As for not matching the GUI, speak for yourself. It fits in just fine on my Gnome desktop.

    And again for the Macros. Dude, go teach yourself LaTeX. That's how you script a proper document.

    Tom

  • Re:Do you really need MS Office? (Score:5, Informative)

    by killjoe ( 766577 ) on Sunday July 16, 2006 @07:56AM (#15727584)
    "you've got machines with RAM to spare, "

    If you have enough RAM for access you have enough ram for office.

    "you're not going to need support,"

    If you need support you can buy it from Sun. You may have heard about Sun. I think they are a pretty large company.

    "you're not going to need the pre-written macro code which is everywhere for Office,"

    Office by default will not let you execute macros. Most organizations turn off the macro execution as a group policy in AD. Having said that if you have willingly chosen to open up your desktop to macro exploits and have willingly chosen to lock yourself to a vendor then you can't switch. Vendor lock sucks for an organization though. From now on you are no longer allowed to use any non MS office software ever. Good for them, sucks for you.

    "you don't need the excellent VBA IDE,"

    See above. You can script OO in python though, much better then VBA as far as I am concerned. There are several python IDEs around too last I checked.

    "you don't need the excellent documentation,"

    Wait let me check my office manual to see if it's better then the OO manual. Ooops looks like I didn't get an office manual. Seriously... There is excellent OO documentation. There are also several books which are cheaper then office.

    "you're not going to use the entire systems implemented in Office (Excel and Access systems are commonplace where I work, they're commercial and not in-house software)"

    If you are buying commercial apps they can (and should) use the office developer toolkit to deliver you a runtime. If they are forcing you to buy office just to run their apps then you are getting screwed. Also see the above remark about vendor lock.

    "you don't mind not being able to properly use the documents everyone outside your organisation will be using, and the documents your employees will be bringing from home,"

    Keep a copy of office around for those rare documents that don't translate properly. Tell your employees to use OO at home if they want to work from home. All companies have document standards.

    "you don't mind the GUI not matching the rest of your system,"

    When office 2007 comes out the GUI of OO will more closely match your XP box then office will.

    "you don't mind using a piece of software which no-one will have audited,"

    What makes you think office was audited? Who audited that commercial software package you got from that commercial vendor (you know the one that requires office to run). Who audited that messenger program half of your staff is using? I have news for you. 100% of the corporations in the world are running at least one piece of un-audited software.

    "you can't wait for Office 2007 for ODF,"

    The ODF support in 2007 will be read only. It will also be crippled from the looks of it.

    "and you don't need a rich macro API."

    You have no idea what you are talking about. None at all. Every part of OO is scriptable.

    "Disclaimer: I'm not an MS fanboy, "

    Yes you are. If you weren't you would not have lied so much.

  • Link about the actual virus (Score:3, Informative)

    by DavidD_CA ( 750156 ) on Sunday July 16, 2006 @05:40PM (#15729405) Homepage
    The summary really should have linked to this page which describes the virus in a bit more technical nature. Not "reporter speak".

    http://www.symantec.com/enterprise/security_respon se/writeup.jsp?docid=2006-071212-4413-99&tabid=2 [symantec.com]

    Apparently the victim launches the PowerPoint slide show (probably spread via email like every other virus) and it uses PowerPoint to drop the virus and infect the machine. Although the link doesn't say, my guess is that it does this without prompting the user if it's okay to run a macro.

    The virus also displays a slide full of Chinese (?) characters. Anyone know what that translates to? "All your slide are belong to us"?

Slashdot Top Deals

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (5) All right, who's the wiseguy who stuck this trigraph stuff in here?

Close