Zero-Day Threat Gives New Meaning to Death-by-Powerpoint

ScottWright
Group Administrator

Subject: Zero-Day Threat Gives New Meaning to Death-by-Powerpoint
Risks in the News
posted by ScottWright on Saturday, April 4th 2009 @ 11:37 PM

It's becoming even more important to be vigilant about not accepting or opening unexpected file attachments or downloads from untrusted sites. A recently discovered "zero-day" threat (exploiting a vulnerability that has no immediate patch) has been announced that affects Microsoft PowerPoint files. If opened, the files can give an attacker control of your computer, or install a keylogger, rootkit or spam-generating program.

With this type of threat, hackers will often try several different variations on targeted email messages that may appear to be related to common business activities or relationships. Similarly, malicious downloads may come from sites that try to convince you that the download is required in order to enable further use of the site.

Affected Powerpoint and operating system versions

According to Kelly Jackson Higgins of Dark Reading, "The vulnerability affects PowerPoint 2000 Service Pack 3, PowerPoint 2002 Service Pack 3, PowerPoint 2003 Service Pack 3, and Microsoft Office 2004 for Mac. The newer Microsoft Office PowerPoint 2007 and Microsoft Office for Mac 2008 are immune."

MS Office PowerPoint 2007 and MS Office for Mac 2008 are not affected.

Short and long term solutions

There are short term and long term approaches to solving this specific problem:

  • In the short term, you should tell your team to be very careful not to open PowerPoint files that are not expected, whether they come as an email attachment or as a download from a website.
  • In the long term, Microsoft and anti-virus vendors should be coming out with security patches and updates that can prevent these types of threats from being successful. The question remains, at this time, "When will Microsoft and the Anti-Virus vendors provide a security patch for this uncontrolled threat?"

Guidance from Microsoft

According to Microsoft, the risk of this type of attack can be reduced by using as many of the following "best practices" as possible:

  • Always use an account with limited user rights (i.e. not an account with administrator privileges, such as the default first account created after a Windows installation)
  • Don't click on email links or attachments that you are not expecting.
  • Use the Microsoft tool that requests user confirmation to open downloaded MS Office files, preventing them from being automatically opened.

References

Microsoft Security Advisory (Click HERE).

________________________________
Scott Wright
The Streetwise Security Coach

Would your organization be interested in obtaining the right to use my lessons or articles in your enterprise security awareness program? Please email me at the address below...

Email: scott@streetwise-security-zone.com
Twitter: http://www.twitter.com/streetsec
Phone: 613-693-0997
Podcast: http://www.streetwise-security-zone.com/podcast.html