Microsoft PowerPoint being Exploit by Hackers to Hijack Computers
Hackers are exploiting a security breach in Microsoft Office by using PowerPoint to hack Microsoft Windows users and gain full control of computer systems.
Microsoft, in a security advisory section on its website, says there have been “limited, targeted attacks” against users through Microsoft PowerPoint. An attacker who successfully exploits the security hole could gain complete control of the system. With that sort of control, hackers could execute his code remotely, change or delete data and install harmful malware.
The hack affects all supported releases of Microsoft Windows (with the exception of MS Windows Server 2003), and it’s executed when a computer start a specially crafted Microsoft Office file that contains a malicious version of what’s called an OLE (object linking and embedding) object. An OLE object, in this sense, is data that’s embedded in a different file, like an Excel spreadsheet in a Word document, for example.
Microsoft says all Office file types could potentially contain malicious OLE objects, so it isn’t necessarily a vulnerability specific to PowerPoint. The company refused to work out on the threat, but a spokesman pointed to a blog post it released on the subject.
Fortunately, the attack requires user interaction, so you would have to consent to open the file containing an infected OLE(Object Linking and Embedding) object. So if you tried to download a PowerPoint file from the web, a display prompt would ask you for download permission. Consent prompts are fairly common, so users might not even realize they’re granting permission to an infected file to execute code written in OLE. As for now, Microsoft suggests users avoid opening any PowerPoint files from a source that is not trusted.
For now, Microsoft continues to investigate the security flaw. Depending on what the Microsoft finds, that could lead to a security update built into the monthly release or even an emergency security update.
meanwhile, Microsoft outlines suggestions and workarounds for users worried about the security hole, including a downloadable tool to help protect Microsoft Windows users.
Do you have something to add to this story? Share it in the comments.