PowerPoint solutions

A few months ago it was Microsoft Word. Last month it was Excel. Now PowerPoint is under attack through a critical hole. Why so many Office flaws so quickly?

Part of the reason is that "black hat" hackers now have cracking tools called "fuzzers" that can automatically run through thousands of combinations of programming calls to find the one (or the dozens) that will crash a program. Such holes fetch good money from valid security firms that pay bounties, as well as from the Internet black market.

In addition, new vulnerabilities are cropping up at a faster rate in popular applications, such as Web browsers and media players, than in Windows, a fact not lost on crackers. When they find a new hole in Office, for example, they can mix-and-match an exploit that hits it with existing viruses and other malware for a quick attack that strikes before a patch appears - a bit like adding the latest targeting system to an existing missile.

Attackers did just that with the PowerPoint hole, which affects versions 2000, 2002 and 2003. As with the other Office flaws mentioned here, if you open a poisoned file from a Web site or an e-mail attachment, an attacker can take control of your PC. By the time you read this, Microsoft should have devised a patch for the vulnerability and sent it via Automatic Updates. For further details, go to www.microsoft.com/technet/security/advisory/922970.mspx.

The new PowerPoint hole is much like the Excel holes that I discussed last month, which the last set of Automatic Updates corrected. You can get the Excel fixes and more info at www.microsoft.com/technet/security/bulletin/ms06-037.mspx.

A second Office patch, also sent via Automatic Updates, eliminates three other holes in the major apps of Office 2000 through 2003. The risk is rated critical only for Office 2000, and important for other Office versions. The difference, however, is just that you get a minimal pop-up warning if you try to open a poisoned file, so get the update regardless of your version. More details are at www.microsoft.com/technet/security/bulletin/ms06-038.mspx.

Finally, Microsoft has fixed two critical holes involving the way both Office and Works handle the display of certain image formats - specifically, Portable Network Graphics (PNG) and Graphics Interchange Format (GIF). No attacks occurred prior to Microsoft's release of the patch; and again, the patch is critical only for Office 2000. You can get it via Automatic Updates or at www.microsoft.com/technet/security/bulletin/ms06-039.mspx.

Critical Flash Player bug fix

Adobe just patched a critical bug in its incredibly popular Macromedia Flash Player. Exploitation of the flaw could leave your PC completely compromised via memory corruption, according to security researcher Fortinet. When you visit a Web site that contains a Flash movie (an .swf file), Flash Player automatically loads on your PC and plays the file.

All you'd have to do to get hit is visit a booby-trapped site. Once you were there, the file would play with no additional click from you. Versions 8.0.24 and earlier are at risk, according to Fortinet. Don't put off getting Adobe's updated release, version 9.0.16, from the Cover Disc of the November 2006 issue of PC World Magazine or www.adobe.com/products/flashplayer/.

OpenOffice patched

Office apps of all types are feeling the pain: Open Office.org has just patched three critical bugs in its free competitor to Microsoft Office. All three holes were discovered by internal audits of Open Office, and none have resulted in active attacks, the organisation says. Open Office.org 1.1.x and 2.0.x are at risk. Get version 1.1.5 or later, or version 2.0.3 or later, at http://download.openoffice.org or off the Cover Disc of the November 2006 issue of PC World Magazine.

JumpDrive recall

Lexar is recalling 66,000 flash drives - among them all models of its JumpDrive FireFly, with 256KB to 2GB of memory, as well as its 1GB Secure II drives - due to a risk of overheating. No incidents or injuries have been reported. The affected flash drives were sold during April and May of 2006. To exchange a questionable unit for an updated, problem-free one, contact Lexar at www.lexar.com/jdrecall/index_au.html.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stuart J. Johnston

PC World (US online)
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?