Very Important: Major PowerPoint Vulnerability
I wanted to let everyone know that Microsoft announced about a week ago that there is major security issue with PowerPoint, in which a bug in how Object Linking and Embedding (OLE) works could give malicious attackers full access to your machine.
OLE is the means by which you are able to insert data from one type of program into another program, for example embedding a spreadsheet into a PowerPoint presentation. But there are a couple of things to keep in mind regarding this flaw:
First, there is a fix, even an automated one. You can find out all about it on this page at the Microsoft support site.
Second, the attacks using this vulnerability have been very limited, no widespread havoc just yet.
Third, if you were attacked, the attacker would only get the level of control you had. So if you were a regular user, those are all the rights they would have. If you were an administrator, on the other hand, which many home PC users are, things could be different. Administrators have the ability to do things other users don’t, like install programs, make system changes, etc.
Fourth, *you* have to let it happen by opening the PowerPoint file in the first place. Here’s a bit of advice that I hope we all already know: DON’T OPEN EMAIL ATTACHMENTS FROM PEOPLE YOU DON’T KNOW! It’s very, very easy to avoid this issue altogether, and why the attacks have been limited. It requires you to open the mysterious presentation from the person you’ve never heard of. Don’t do that, and you’ll be fine.
Header image credit: techaeris.com