Beware of PowerPoint boobies traps

In just a few hours time Microsoft will be releasing its regular month “Patch Tuesday” bundle of security fixes – this month including patches for critical vulnerabilities in the likes of Internet Explorer and Microsoft Excel.

But according to the advance bulletin the software giant issued on Friday, there is no sign of a Microsoft fix for a PowerPoint zero day vulnerability that is being actively exploited in the wild.

As revealed earlier this month, hackers are crafting booby-trapped PowerPoint files that, when opened on a victim’s computer, run malicious code without authorisation.

Once a PC has been infected by malware like a backdoor Trojan horse, hackers can gain access to the computer to steal information, to plant further malicious software, or to launch spam and denial-of-service attacks.

Sign up to our free newsletter.
Security news, advice, and tips.

As is errmm.. illustrated on the blog of our friends at CA, hackers aren’t afraid to use images of Asian women bathing to lure into opening their “booby-trapped” PowerPoint files.

Of course, no-one wants Microsoft to rush out a fix for a newly discovered vulnerability without proper testing, but the question remains on when will people receive an official fix for the PowerPoint problem? Will they have to wait until the next Patch Tuesday, which isn’t until 12th May? Or will it be determined that the problem is serious enough that a special out-of-band release should be issued?

While we’re waiting, please be sure to patch your systems with the vulnerability fixes that Microsoft has released. If Microsoft thinks they’re serious enough to publicise, they’re important enough for you to protect against.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.