PowerPoint solutions

A few months ago it was Microsoft Word. Last month it was Excel. Now PowerPoint is under attack through a critical hole. Why so many Office flaws so quickly?

Part of the reason is that "black hat" hackers now have cracking tools called "fuzzers" that can automatically run through thousands of combinations of programming calls to find the one (or the dozens) that will crash a program. Such holes fetch good money from valid security firms that pay bounties, as well as from the Internet black market.

In addition, new vulnerabilities are cropping up at a faster rate in popular applications, such as Web browsers and media players, than in Windows, a fact not lost on crackers. When they find a new hole in Office, for example, they can mix-and-match an exploit that hits it with existing viruses and other malware for a quick attack that strikes before a patch appears - a bit like adding the latest targeting system to an existing missile.

Attackers did just that with the PowerPoint hole, which affects versions 2000, 2002 and 2003. As with the other Office flaws mentioned here, if you open a poisoned file from a Web site or an e-mail attachment, an attacker can take control of your PC. By the time you read this, Microsoft should have devised a patch for the vulnerability and sent it via Automatic Updates. For further details, go to www.microsoft.com/technet/security/advisory/922970.mspx.

The new PowerPoint hole is much like the Excel holes that I discussed last month, which the last set of Automatic Updates corrected. You can get the Excel fixes and more info at www.microsoft.com/technet/security/bulletin/ms06-037.mspx.

A second Office patch, also sent via Automatic Updates, eliminates three other holes in the major apps of Office 2000 through 2003. The risk is rated critical only for Office 2000, and important for other Office versions. The difference, however, is just that you get a minimal pop-up warning if you try to open a poisoned file, so get the update regardless of your version. More details are at www.microsoft.com/technet/security/bulletin/ms06-038.mspx.

Finally, Microsoft has fixed two critical holes involving the way both Office and Works handle the display of certain image formats - specifically, Portable Network Graphics (PNG) and Graphics Interchange Format (GIF). No attacks occurred prior to Microsoft's release of the patch; and again, the patch is critical only for Office 2000. You can get it via Automatic Updates or at www.microsoft.com/technet/security/bulletin/ms06-039.mspx.

Critical Flash Player bug fix

Adobe just patched a critical bug in its incredibly popular Macromedia Flash Player. Exploitation of the flaw could leave your PC completely compromised via memory corruption, according to security researcher Fortinet. When you visit a Web site that contains a Flash movie (an .swf file), Flash Player automatically loads on your PC and plays the file.

All you'd have to do to get hit is visit a booby-trapped site. Once you were there, the file would play with no additional click from you. Versions 8.0.24 and earlier are at risk, according to Fortinet. Don't put off getting Adobe's updated release, version 9.0.16, from the Cover Disc of the November 2006 issue of PC World Magazine or www.adobe.com/products/flashplayer/.

OpenOffice patched

Office apps of all types are feeling the pain: Open Office.org has just patched three critical bugs in its free competitor to Microsoft Office. All three holes were discovered by internal audits of Open Office, and none have resulted in active attacks, the organisation says. Open Office.org 1.1.x and 2.0.x are at risk. Get version 1.1.5 or later, or version 2.0.3 or later, at http://download.openoffice.org or off the Cover Disc of the November 2006 issue of PC World Magazine.

JumpDrive recall

Lexar is recalling 66,000 flash drives - among them all models of its JumpDrive FireFly, with 256KB to 2GB of memory, as well as its 1GB Secure II drives - due to a risk of overheating. No incidents or injuries have been reported. The affected flash drives were sold during April and May of 2006. To exchange a questionable unit for an updated, problem-free one, contact Lexar at www.lexar.com/jdrecall/index_au.html.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stuart J. Johnston

PC World (US online)
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?