Another security hole has been reported against Microsoft Office. This time, the target is PowerPoint, and it is being exploited in the wild (US-CERT). The malware was spread by via e-mail to targeted computers. The backdoor provides unauthorized access to an infected computer for remote hackers.
The flaw comes on top of a raft of security updates from Microsoft to mend a problems in Office software, notably Excel. Last month saw several patches for Word. It appears the work Microsoft has done in hardening the security of the Windows operating system has forced the bad guys to the applications that run on top of Windows. Office is an obvious and easy target. The old macro-viruses aren’t common anymore and firewalls and content filters tend to pass Office documents through. Microsoft Office is part of normal business life and opening them is no big deal – especially if they appear to come from someone you know. As such we are likely to see more exploits targetting Office applications in the near future.