Hackers attack via zero-day PowerPoint vulnerability

Microsoft has issued a warning about an unpatched security hole in PowerPoint that is being exploited by hackers. The attacks rely upon hackers creating a specially crafted, booby-trapped PowerPoint file that, when opened on the victim’s computer, runs malicious code without permission.

The good news is that the latest versions of PowerPoint (Microsoft Office PowerPoint 2007 and Microsoft Office for Mac 2008) are not affected by this critical security flaw. However, if you are running Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3, Microsoft Office PowerPoint 2003 Service Pack 3, or Microsoft Office 2004 for Mac in your company, then you could be at risk.

Once a PC has been infected by a backdoor Trojan, hackers can gain access to the computer to steal information, to plant further malicious software, or to launch spam and/or denial-of-service attacks. Sophos has seen a number of samples of malware exploiting the vulnerability, and will shortly be releasing protection against them as Troj/ExpPPT-A. You can read more about our assessment of the vulnerability in our analysis.

We’ll have to wait and see whether Microsoft can get a fix for this vulnerability into its next scheduled bundle of security patches (due Tuesday 14 April) or earlier. As always, it’s important that patches are not rushed out without proper testing, and the guys at Microsoft will be keen to ensure that they have fixed this vulnerability properly without introducing other problems.

In the past we’ve seen instances of Chinese hackers crafting malicious PowerPoint files and sending them to specific targets in an attempt to install malware and steal information from their victims.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
