

PowerPoint flaw STILL left unpatched!

I wrote a blog article a week ago about how Microsoft has known about a critical flaw in Microsoft PowerPoint, part of the (expensive) MS Office package that includes Word, Excel and Outlook. This critical flaw in PowerPoint, which exists in all current versions of Office (2000, XP and 2003), can allow a malicious user to run a custom piece of software from within a PowerPoint presentation on your computer without you knowing it’s happening. This piece of malicious software could install a virus or trojan behind the scenes, and turn your computer into a ‘zombie’ PC on the Internet and allow any number of people to remotely control your computer whenever you’re online. Once your PC is accessible as a ‘zombie’ on the Internet, your computer could be used for illegal activity, sending spam, and much more.

In a day and age where we’re so quick to forward neat-looking presentations to one another of slide shows containing photos of troops in Iraq, or beautiful sunsets with poetry, we need to keep in mind that casually opening these presentations that are coming from who-knows-where, even if forwarded by a friend, can corrupt your computer and make you liable for what this malicious software is doing. In April, a judge ruled that having poor computer and Internet security is no longer a valid defense if you are charged with some sort of computer crime (downloading music, etc). Microsoft, therefore, has just made you a legally-liable target just for using their software!

Sounds bad, right?

Funny thing is, Microsoft has known about this ‘critical’ flaw since JULY 15 2006 — this exploitable problem was reported almost 10 full months ago!
http://www.frsirt.com/english/advisories/2006/2815

I’ve personally been deleting every PowerPoint presentation that comes my way via Email since this critical flaw was found last summer. However, it still surprises me that Microsoft continues to let this flaw be exploited by malicious "black hat" hackers for so long.

The reason I bring this up now is because Microsoft only patches Windows and Office software once a month on "Patch Tuesday" unless it’s something that the public is really screaming to get fixed. May’s "Patch Tuesday" happened this week on May 8th and Microsoft has STILL not patched this critical error that they’ve known about since LAST SUMMER.

For your own reference, here’s a current list of everything known to be a problem with Windows and Office, and when it was discovered:
http://www.frsirt.com/english/Unpatched-Microsoft-Vulnerabilities.php
Notice how many open flaws still exist in Internet Explorer, some dating back to February 2006! You’d think with Microsoft’s billions of dollars they’d stop trying to buy Yahoo and fix their software!

What can you do about it? Glad you asked…

1. If you get a PowerPoint presentation in an Email (generally a file ending in .pps or .ppt) that you are not expecting to receive, unlike, say, one for a business meeting at work, please do not open it; just delete it. You might miss out on pretty sunsets or fluffy kittens or some great photos of army troops fighting overseas, but it’s not worth compromising your computer over.

2. Contact Microsoft and tell them "Enough already — fix this flaw".
Visit this support page at Microsoft:
https://support.microsoft.com/common/survey.aspx?scid=sw;en;1214&showpage=1&WS=support
and tell them you want this 10-month old critical flaw in PowerPoint fixed! Copy this link to the exact PowerPoint flaw into the support form on that page:
http://www.frsirt.com/english/advisories/2006/2815

3. Scan your computer for viruses and rootkits.
Go to Google and search for "free antivirus software" or "rootkit detection" — there are lots of free programs out there to help you keep your Windows machines more secure.

4. Spread the word!
If someone sends you a PowerPoint presentation, send them the URL for this article and warn them that they may have compromised their own PC just by opening the presentation themselves. Ask them to delete incoming PowerPoint presentations as well (unless they are expected for work or something), and to pass on this blog article’s URL to whoever sent *them* the PowerPoint file.
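
Step 1 can also be applied automatically before a message reaches the inbox. The script below is an added example, not code from this article; it uses Python's standard `email` module on a constructed message, and the OLE2 signature check is an assumption that goes beyond the .pps/.ppt extensions named above.

```python
import email
from email import policy
from email.message import EmailMessage

PPT_EXTENSIONS = (".pps", ".ppt")  # the extensions the article names
# Assumption (not stated in the article): Office 2000/XP/2003 files are OLE2
# compound documents starting with this signature. It catches a renamed
# presentation, but .doc and .xls files of that era match it too.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")


def find_powerpoint_attachments(raw_message: bytes):
    """Return (filename, reason) for each attachment to hold for review."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename() or ""
        is_attachment = part.get_content_disposition() == "attachment"
        if part.is_multipart() or not (name or is_attachment):
            continue  # containers and the plain message body
        payload = part.get_payload(decode=True) or b""
        # Windows ignores trailing dots and spaces, so strip them first.
        if name.lower().rstrip(". ").endswith(PPT_EXTENSIONS):
            hits.append((name, "powerpoint extension"))
        elif payload.startswith(OLE2_MAGIC):
            hits.append((name, "OLE2 content under another name"))
    return hits


def build_sample() -> bytes:
    """Constructed message; the attachments are stubs, not real documents."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "me@example.com"
    msg["Subject"] = "Fwd: Fwd: beautiful sunsets"
    msg.set_content("You have to see this!")
    stub = OLE2_MAGIC + b"\x00" * 24  # signature plus padding only
    msg.add_attachment(stub, maintype="application",
                       subtype="vnd.ms-powerpoint", filename="Sunsets.PPS")
    msg.add_attachment(stub, maintype="application",
                       subtype="octet-stream", filename="kittens.dat")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in find_powerpoint_attachments(build_sample()):
        print(f"hold for review: {name} ({reason})")
```

Because the signature check also matches Word and Excel files from the same Office versions, treat its hits as items to review rather than confirmed presentations.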

Posted in misc.

