Stan Beer
Thursday, 28 September 2006 09:13
Microsoft has warned users of new zero-day attacks that exploit a vulnerability in Microsoft PowerPoint systems. Although the exploit is not as critical as the previous Internet Explorer VML (vector markup language) exploit, if users open an infected PowerPoint attachment then remote attackers can gain control of their systems.
The vulnerable versions include PowerPoint 2000, Microsoft PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft PowerPoint 2004 for Mac, and Microsoft PowerPoint v. X for Mac.
According to the Microsoft Security Advisory, the attack is not quite as critical as the previous zero-day Internet Explorer VML exploit, as users can't be attacked unless they open a malicious PowerPoint file sent to them as an attachment. With the previous exploit, computers could be infected simply by users visiting a malicious website or opening malicious HTML emails.
As usual, Microsoft issued its standard warning about not opening attachments from unknown sources. However, the new zero-day exploit highlights a growing problem for the world's largest software company.
For practical purposes, Microsoft has for some time had in place a cyclical security plugging system that has come to be known as Patch Tuesday, in which patches are broadcast to the global user community on the second Tuesday of every month.
Unfortunately for Microsoft users, malicious attackers have now tapped into Microsoft's patching rhythm and save up their exploits of newly found vulnerabilities for the period immediately following Patch Tuesday.
Thus, an increasing number of zero-day exploits either have a full month in which they can attack unprotected systems or, if the exploit is critical enough, they force Microsoft into releasing an early patch as was the case with yesterday's Internet Explorer fix.
Microsoft has stated that it may issue an out of cycle patch if the exploit is deemed serious enough.