Microsoft warns of a new unpatched security vulnerability in PowerPoint. According to their security advisory, PowerPoint 2000, 2002 and 2003 up to Service Pack 3 are affected; so is PowerPoint 2004 for Macs. Currently cyber criminals are abusing specially prepared documents to infect computers in companies. This is how the so-called GhostNet started a few years ago as well.

Good news is that PowerPoint Viewer 2003 and 2007 as well as Office 2007 seem to be unaffected. If you get PowerPoint presentations by mail, only open them with these versions. Anyhow it seems a good idea to first check whether you expected that presentation from exactly that sender and if in doubt, contact the sender to verify it was really him sending the document.

As administrator of a company network you might want to setup a MOICE filter for incoming documents to sanitize them so they can’t lead to dangerous actions on the client PCs.

Dirk Knop
Technical Editor