Tuesday, August 15, 2006

Powerpoint flaw allows remote code execution

Another reason to patch up, but if you use the default settings for Windows Automatic Updates, you may not have this fix installed yet.

This is a serious flaw in Microsoft's PowerPoint, with several Trojans exploiting it already in the wild. One of the more "interesting" flavors is Win32/Fantador.E!Backdoor [Trojan]-- which drops a LSP into the victims Winsock TCP stack and allows complete remote administrative access to the system.

All versions of Powerpoint are vulnerable until patched, although Microsoft claims that the free Powerpoint 2003 Viewer does not have the flaw. So if you receive an unexpected PPT file it may be safer to open it in the viewer rather than Powerpoint.

The recommended methods to get this patch are:

Visit the Office Update site and install all available updates. You may have to go through the update process several times if you are behind on your Microsoft Office service packs. Repeat until you see that there are no remaining available updates. You may need your original office installation disks handy to successfully complete this process.

If you wish you may upgrade 'Windows Update' to the free 'Microsoft Update Service,' which turns on extended updates on the regular Windows Update site. That will allow you to install updates for Office in addition to the Windows patches from one place. Additionally - by turning on this feature - and if you use Automatic Updates, then Microsoft Office will be included in your automatic update schedule and silent downloads into the future. (Note that if you have already turned on this feature, you will only see the normal Update site when you click the link above.)

No comments:

Post a Comment

Comments are welcome but moderated to prevent spam links. I usually check them at least once a day in the evenings - so please be patient with me if your comment does not appear quickly.

Thank you.