PowerPoint solutions

A few months ago it was Microsoft Word. Last month it was Excel. Now PowerPoint is under attack through a critical hole. Why so many Office flaws so quickly?

Part of the reason is that "black hat" hackers now have cracking tools called "fuzzers" that can automatically run through thousands of combinations of programming calls to find the one (or the dozens) that will crash a program. Such holes fetch good money from valid security firms that pay bounties, as well as from the Internet black market.

In addition, new vulnerabilities are cropping up at a faster rate in popular applications, such as Web browsers and media players, than in Windows, a fact not lost on crackers. When they find a new hole in Office, for example, they can mix-and-match an exploit that hits it with existing viruses and other malware for a quick attack that strikes before a patch appears - a bit like adding the latest targeting system to an existing missile.

Attackers did just that with the PowerPoint hole, which affects versions 2000, 2002 and 2003. As with the other Office flaws mentioned here, if you open a poisoned file from a Web site or an e-mail attachment, an attacker can take control of your PC. By the time you read this, Microsoft should have devised a patch for the vulnerability and sent it via Automatic Updates. For further details, go to www.microsoft.com/technet/security/advisory/922970.mspx.

The new PowerPoint hole is much like the Excel holes that I discussed last month, which the last set of Automatic Updates corrected. You can get the Excel fixes and more info at www.microsoft.com/technet/security/bulletin/ms06-037.mspx.

A second Office patch, also sent via Automatic Updates, eliminates three other holes in the major apps of Office 2000 through 2003. The risk is rated critical only for Office 2000, and important for other Office versions. The difference, however, is just that you get a minimal pop-up warning if you try to open a poisoned file, so get the update regardless of your version. More details are at www.microsoft.com/technet/security/bulletin/ms06-038.mspx.

Finally, Microsoft has fixed two critical holes involving the way both Office and Works handle the display of certain image formats - specifically, Portable Network Graphics (PNG) and Graphics Interchange Format (GIF). No attacks occurred prior to Microsoft's release of the patch; and again, the patch is critical only for Office 2000. You can get it via Automatic Updates or at www.microsoft.com/technet/security/bulletin/ms06-039.mspx.

Critical Flash Player bug fix

Adobe just patched a critical bug in its incredibly popular Macromedia Flash Player. Exploitation of the flaw could leave your PC completely compromised via memory corruption, according to security researcher Fortinet. When you visit a Web site that contains a Flash movie (an .swf file), Flash Player automatically loads on your PC and plays the file.

All you'd have to do to get hit is visit a booby-trapped site. Once you were there, the file would play with no additional click from you. Versions 8.0.24 and earlier are at risk, according to Fortinet. Don't put off getting Adobe's updated release, version 9.0.16, from the Cover Disc of the November 2006 issue of PC World Magazine or www.adobe.com/products/flashplayer/.

OpenOffice patched

Office apps of all types are feeling the pain: Open Office.org has just patched three critical bugs in its free competitor to Microsoft Office. All three holes were discovered by internal audits of Open Office, and none have resulted in active attacks, the organisation says. Open Office.org 1.1.x and 2.0.x are at risk. Get version 1.1.5 or later, or version 2.0.3 or later, at http://download.openoffice.org or off the Cover Disc of the November 2006 issue of PC World Magazine.

JumpDrive recall

Lexar is recalling 66,000 flash drives - among them all models of its JumpDrive FireFly, with 256KB to 2GB of memory, as well as its 1GB Secure II drives - due to a risk of overheating. No incidents or injuries have been reported. The affected flash drives were sold during April and May of 2006. To exchange a questionable unit for an updated, problem-free one, contact Lexar at www.lexar.com/jdrecall/index_au.html.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stuart J. Johnston

PC World (US online)
Show Comments



Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >

Victorinox Werks Professional Executive 17 Laptop Case

Learn more >



Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?