It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Zero Day Bug Pinpoints PowerPoint
page: 15
share:
A new virus has been discovered that exploits a flaw in several versions of Microsft's PowerPoint presentation software. The virus arrives via email
with an attached PowerPoint (.ppt) presentation. Once opened it drops a keylogging trojan horse, Troj/Edepol-C, onto the user's PC. It also leaves
the computer open to additional malware installations by the hacker. Microsoft announced that the flaw exists in PowerPoint 2000, 2002, and 2003. A
security update to patch this flaw is expected to be released by August 8, 2006.
news.bbc.co.uk
Microsoft is warning Windows users about a virus that takes over PCs via the popular PowerPoint program.
Attached to the virus is a poisoned presentation that, if opened, installs keylogging software on a computer.
Users are being told to take care because it could be weeks before Microsoft produces a patch that protects against the security loophole.
Anyone opening the PowerPoint file will trigger the virus that installs a keylogger that records everything typed on an infected machine. It also opens up a backdoor into that machine that the creators of the virus are likely to exploit to gather the recorded keystrokes or to install other malicious programs.
Please visit the link provided for the complete story.
Yet again we see Microsoft on the receiving end of attacks, designed to exploit flaws in their software and operating systems. In this latest case we have a Zero Day exploit, as the virus began circulating the day after Microsoft's release of the vulnerability.
While Microsoft has reported minimal incidence of infection, the potential impact of this virus would seem rather significant. Their PowerPoint software is widely used by corporations, educational institutions and many government agencies, and you would think they would take a more timely approach if only to protect and support that client base.
Unfortunately, computers running versions of the PowerPoint software that contain the flaw will remain unpatched pending release of a security update. As with other past Zero Day exploits, Microsoft has no intention of an immediate release and only states they hope to have a patch included in their next security update, which is expected by Aug. 8th.
Related News Links:
www.techtree.com
www.infozine.com
edition.cnn.com
msnbc.msn.com
news.bbc.co.uk
Microsoft is warning Windows users about a virus that takes over PCs via the popular PowerPoint program.
Attached to the virus is a poisoned presentation that, if opened, installs keylogging software on a computer.
Users are being told to take care because it could be weeks before Microsoft produces a patch that protects against the security loophole.
Anyone opening the PowerPoint file will trigger the virus that installs a keylogger that records everything typed on an infected machine. It also opens up a backdoor into that machine that the creators of the virus are likely to exploit to gather the recorded keystrokes or to install other malicious programs.
Please visit the link provided for the complete story.
Yet again we see Microsoft on the receiving end of attacks, designed to exploit flaws in their software and operating systems. In this latest case we have a Zero Day exploit, as the virus began circulating the day after Microsoft's release of the vulnerability.
While Microsoft has reported minimal incidence of infection, the potential impact of this virus would seem rather significant. Their PowerPoint software is widely used by corporations, educational institutions and many government agencies, and you would think they would take a more timely approach if only to protect and support that client base.
Unfortunately, computers running versions of the PowerPoint software that contain the flaw will remain unpatched pending release of a security update. As with other past Zero Day exploits, Microsoft has no intention of an immediate release and only states they hope to have a patch included in their next security update, which is expected by Aug. 8th.
Related News Links:
www.techtree.com
www.infozine.com
edition.cnn.com
msnbc.msn.com
I don't understand... how is this news? Everyone knows the entire MS Office suite is packed with security flaws.
This is just like any other trojan / virus / keylogger... the user has to run the infecting program. I would hope by now most people know better than to open an unknown attachment...
This is just like any other trojan / virus / keylogger... the user has to run the infecting program. I would hope by now most people know better than to open an unknown attachment...
apc,
The possible ways of infection are not only limited to opening email attachments. The infected .ppt presentation could very easily be posted on a website under the guise of most anything. Another way would be to insert _javascript into a webpage directing the user's browser directly to the file. If the user's computer has PP installed it would open directly within the browser *wham*
Just like Acrobat is integrated to allow .pdfs to open within the browser window.
The possible ways of infection are not only limited to opening email attachments. The infected .ppt presentation could very easily be posted on a website under the guise of most anything. Another way would be to insert _javascript into a webpage directing the user's browser directly to the file. If the user's computer has PP installed it would open directly within the browser *wham*
Just like Acrobat is integrated to allow .pdfs to open within the browser window.
Well yes, of course... but again that is how it has always been. This sounds like the PPT equivalent of malicious Word macros. Regardless, the user
must initiate the infection. By opening an unknown email attachment, downloading some nifty screensaver, or spending their entire life playing Java
games. Whatever the action, it is the fault of the user.
I don't use MS too much, but my understanding is there is no direct integration of Office and IE as there is with Acrobat. IE does not open Office files in the browser. When it gets a call to receive an Office document, it will request user action: Open or Save. You can't script around it.
I'm totally nitpicking, but how is this worthy of ATSNN attention? Seems like something you would find near the bottom of MSN or something...
I don't use MS too much, but my understanding is there is no direct integration of Office and IE as there is with Acrobat. IE does not open Office files in the browser. When it gets a call to receive an Office document, it will request user action: Open or Save. You can't script around it.
I'm totally nitpicking, but how is this worthy of ATSNN attention? Seems like something you would find near the bottom of MSN or something...
Okay. Yes, if you click on a link to a .ppt file listed on a website you Are prompted to "Open" or "Save". However, if you choose "Open" and
PowerPoint is installed it will open directly within the browser window, that is if you are using Internet Explorer. I'm not sure as to how Firefox
or others handle the various Office products.
I do understand, and agree, that ultimate responsibility falls on the user. Unfortunately, and despite various efforts to educate and inform regarding unknown attachments or files, there will always be those who fail to use good judgement and end up falling prey to such.
As for being ATSNN worthy, I can only offer that the initial story I saw regarding this was on the main Google News page. To further reinforce said worthiness there are/were 32 additional News-related site carrying the story.
My biggest concern and main reason for submission is the seemingly typical response from Microsoft with regards to supporting their products and software, especially when it concerns security issues.
This particular "virus" started circulating the Internet on the day following Microsoft's announcement of the vulnerability, yet they will "wait" until the next security update to to release a patch. Meanwhile untold numbers of PCs remain vulnerable and it would seem only reasonable to expect additional variants in the days ahead.
$.02
I do understand, and agree, that ultimate responsibility falls on the user. Unfortunately, and despite various efforts to educate and inform regarding unknown attachments or files, there will always be those who fail to use good judgement and end up falling prey to such.
As for being ATSNN worthy, I can only offer that the initial story I saw regarding this was on the main Google News page. To further reinforce said worthiness there are/were 32 additional News-related site carrying the story.
My biggest concern and main reason for submission is the seemingly typical response from Microsoft with regards to supporting their products and software, especially when it concerns security issues.
This particular "virus" started circulating the Internet on the day following Microsoft's announcement of the vulnerability, yet they will "wait" until the next security update to to release a patch. Meanwhile untold numbers of PCs remain vulnerable and it would seem only reasonable to expect additional variants in the days ahead.
$.02
Originally posted by apc
I don't understand... how is this news? Everyone knows the entire MS Office suite is packed with security flaws.
This is just like any other trojan / virus / keylogger... the user has to run the infecting program. I would hope by now most people know better than to open an unknown attachment...
NO, everyone doesn't know.
Ask the average office worker, who uses e-mail, other Office related software.
I'll bet they don't keep up on all the latest threats.
It's good to be reminded every now and then!
haha! that's what Geeks On Call services are for! Those guys are popping up everywhere!
Yes yes reminders are well and good... it just struck me as odd since I didn't see this listed as a submission. I must have missed it because it seemed to me that this went straight to ATSNN and in my opinion it is as significant as a reminder that water can kill if you dont know how to swim.
Yes yes reminders are well and good... it just struck me as odd since I didn't see this listed as a submission. I must have missed it because it seemed to me that this went straight to ATSNN and in my opinion it is as significant as a reminder that water can kill if you dont know how to swim.
new topics
-
TLDR post about ATS and why I love it and hope we all stay together somewhere
General Chit Chat: 48 minutes ago -
Hate makes for strange bedfellows
US Political Madness: 2 hours ago -
Who guards the guards
US Political Madness: 5 hours ago -
Has Tesla manipulated data logs to cover up auto pilot crash?
Automotive Discussion: 7 hours ago
top topics
-
Hate makes for strange bedfellows
US Political Madness: 2 hours ago, 12 flags -
CIA botched its handling of sexual assault allegations, House intel report says
Breaking Alternative News: 17 hours ago, 11 flags -
whistleblower Captain Bill Uhouse on the Kingman UFO recovery
Aliens and UFOs: 12 hours ago, 10 flags -
Who guards the guards
US Political Madness: 5 hours ago, 10 flags -
1980s Arcade
General Chit Chat: 14 hours ago, 6 flags -
Teenager makes chess history becoming the youngest challenger for the world championship crown
Other Current Events: 16 hours ago, 4 flags -
Deadpool and Wolverine
Movies: 15 hours ago, 4 flags -
TLDR post about ATS and why I love it and hope we all stay together somewhere
General Chit Chat: 48 minutes ago, 3 flags -
Has Tesla manipulated data logs to cover up auto pilot crash?
Automotive Discussion: 7 hours ago, 2 flags
active topics
-
TLDR post about ATS and why I love it and hope we all stay together somewhere
General Chit Chat • 4 • : theatreboy -
"We're All Hamas" Heard at Columbia University Protests
Social Issues and Civil Unrest • 236 • : marg6043 -
Candidate TRUMP Now Has Crazy Judge JUAN MERCHAN After Him - The Stormy Daniels Hush-Money Case.
Political Conspiracies • 693 • : matafuchs -
MULTIPLE SKYMASTER MESSAGES GOING OUT
World War Three • 95 • : cherokeetroy -
1980s Arcade
General Chit Chat • 19 • : theatreboy -
The Fight for Election Integrity Continues -- Audits, Criminal Investigations, Legislative Reform
2024 Elections • 4142 • : IndieA -
Hate makes for strange bedfellows
US Political Madness • 20 • : Cvastar -
SC Jack Smith is Using Subterfuge Tricks with Donald Trumps Upcoming Documents Trial.
Dissecting Disinformation • 107 • : WeMustCare -
What do you guys think of this UFO footage?
Aliens and UFOs • 12 • : Cvastar -
Fast Moving Disc Shaped UFO Captured on Camera During Flight from Florida to New York City
Aliens and UFOs • 21 • : Cvastar
5