PowerPoint. It’s a situation as much as it is a product. And people do (aesthetically) terrible things with it. But now hackers are exploiting it in a new way. Microsoft announced on Tuesday that a vulnerability in nearly all versions of Windows is being attacked through PowerPoint files. We would expect nothing less.
The only version of Windows that’s safe from this attack is Server 2003, which is kind of significant because Windows Server 2003 is sort of like the XP of server operating systems. Basically it’s still around. But for everyone else, opening a compromised PowerPoint file could give a hacker remote system control.
Microsoft says that people who have encountered a malicious PowerPoint file often got a User Account Control prompt. That’s sketchy and shouldn’t happen just because you opened an Office document, so if you see that be on alert. Other office documents could spread the attack, too, or any file type that supports Microsoft’s Object Linking and Embedding (OLE) protocol.
For now Microsoft has released a quick fix “OLE packager Shim Workaround” that fixes the PowerPoint issue, but isn’t a full patch. That will presumably come as soon as Microsoft can churn it out. Microsoft also says that by operating Windows with limited permissions people can protect themselves from the attack.
Once and for all, just stay away from PowerPoint, okay?