Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×

Microsoft Warns of PowerPoint Attack 127

narramissic writes to let us know about yet another PowerPoint flaw, this one affecting PowerPoint 2000, 2002, and 2003, soon after Microsoft issued a record number of patches to fix numerous Office vulnerabilities (among others). The new problem came to light in a blog posting by Microsoft Security Program Manager Alexandra Huft, but the coverage at ITWorld has more detail. Huft writes, "We've been made aware of proof of concept code published publicly affecting Microsoft Office 2003 PowerPoint," and goes on to say that Microsoft is not aware of any attacks that exploit the bug.
This discussion has been archived. No new comments can be posted.

Microsoft Warns of PowerPoint Attack

Comments Filter:
  • Good. (Score:2, Funny)

    by Anonymous Coward
    I don't use PowerPoint. When I go to a meeting, which is often, I immediately leave the room if someone decides to bore me with stupid phrases in 12-centimetre type. I am an intelligent man and I demand an intelligent medium by which to be educated.
    • Re:Good. (Score:5, Funny)

      by Anonymous Coward on Friday October 13, 2006 @02:46PM (#16428841)
      Do you storm out and tell them they are all idiots for using a presentation software package to make a presentation and run to your desk to be first post on Slashdot?
    • Re:Good. (Score:4, Insightful)

      by cryfreedomlove ( 929828 ) on Friday October 13, 2006 @02:47PM (#16428859)
      Really? You just walk out? Where do you work? What's your position in the company?
    • Re:Good. (Score:5, Funny)

      by theskipper ( 461997 ) on Friday October 13, 2006 @02:50PM (#16428921)
      Joe, is that you?

      "Bossman" Steve here.

      Quit whining on slashdot and get back in the meeting immediately .

    • Flip Chart?, Chalk board?, Shadow Puppets?

      Not to be mean, but Powerpoint is merely a tool purpose-designed for doing presentations. It is quite possible to write a good presentation in Poser-poi...er...Powerpoint, it just can't compensate for a bad presenter.

      I like OpenOffice Impress as well BTW.

      • by MankyD ( 567984 )
        Paper.

        Print it out. Hand it out. You fit way more information on a sheet of paper than in power point (you can print 6 power point slides on an 8.5x11 and still have tons of white space left unused.) Also, it allows your audience to walk away from your presentation with the notes still in hand. Thirdly, it gives them a writing material on which to take notes. Fourth, no one will have trouble reading a sheet of paper right in front of them (unless they need a new glasses, of course.) Fifth, you won't have
        • by Y0tsuya ( 659802 )
          Sure, let's kill more trees while we're at it.
          • Ok fine, killing trees is not good, but using a 400W projector for a couple hours on a meeting, will use some good amount of energy which probably won't come from a fotovoltaic solar cell or some other green energy; I haven't done the numbers, so I can't tell for sure which case is "ecologically worse" ... but you can also use recycled paper can't you?
        • Re: (Score:3, Interesting)

          by jarich ( 733129 )
          people are free to review material at their own pace without interrupting the presentation.

          Translation: People are free to ignore the presenter while the audience flips through the paper and reads at their own pace.

          Then, after the presenter has wasted their time talking, you can tune back in and ask the questions that were just answered in the presentation.

          Then the presenter can answer the same questions for the next person who also tuned out to read the hand outs.. then again for the next person..

    • Re:Good. (Score:4, Insightful)

      by TobyRush ( 957946 ) on Friday October 13, 2006 @03:04PM (#16429189) Homepage
      I don't use PowerPoint. When I go to a meeting, which is often, I immediately leave the room if someone decides to bore me with stupid phrases in 12-centimetre type.

      To be fair, that's not PowerPoint's fault; it's a lack of presentation skill that seems to pervade the business culture today. If I am talking finances and I have a $2000 laptop and a $4500 projector displaying this on the screen:

      Finances
      - income
      - spending

      ...then it doesn't matter what software I'm using, I'm wasting resources. PowerPoint has a lot of functionality that can be used to enhance presentations but most people don't use it. So they could really just use a word processor or slideshow program to do practically the same thing.

      If you want bash PowerPoint (and I realize that wasn't necessarily the parent's goal), try this: the interface STINKS. I haven't used OpenOffice or StarOffice, but if they are trying to emulate PowerPoint's interface, then I won't bother.

      <fanboi>I'm a Mac user and Keynote is much, MUCH more elegant to use... and can even import and export PowerPoint files.</fanboi>
    • by Tim C ( 15259 )
      I am an intelligent man

      But apparently not intelligent enough to not needlessly antagonise the people you have to work with...
    • Re:Good. (Score:4, Funny)

      by aplusjimages ( 939458 ) on Friday October 13, 2006 @03:42PM (#16429831) Journal
      I am an intelligent man and I demand an intelligent medium by which to be educated.

      What does that even mean? I suppose when you run a meeting you put everything together in a video presentation using Macromedia Director that link to sources. After the meeting you give everyone a CD copy so they can view it at their desk. Sure it takes you a month and a budget to get your 15 minute presentation together, but damn its so intelligent.
    • Interesting. So as powerpoint is the pretty much the standard for scientific conferences (or at least the many that I go to each year and I assume, but cannot comment by experience, in other disciplines) I assume you're talking about a business meetings. Most business meetings I have been to use hard reports or powerpoint. You may see here that I'm a little confused as to what you business is. Of course you may work for a company that is enlightened enough to use something other than distro, but then on the
    • Not such a bad concept if one considers that a couple years ago there was an article about how PowerPoint makes you stupid and they had proof: there was apparently a lot of information in a presentation on the subject of how the Space Shuttle could have one of its tiles broken and that could cause a major malfunction. No one understood it because the presentation distracted from the information at hand and so the Shuttle was launched without this being taken into account.
      • by Skater ( 41976 )
        Edward Tufte is the person in question.

        He does a great lecture on information presentation. Definitely worth seeing, especially if you can get your employer to pay for it like I did.

        Unfortunately, my employer has a "Standard PowerPoint Template That We Must Use For Official Presentations" that pretty much destroys everything Tufte taught us in favor of a standard look for presentations that... meh, I'm ranting.
    • In Soviet Russia

      gaudy Powerpoint presentations full of hype but no real meaning whatsoever

      ATTACK YOU!
    • Of course you do, they don't let janitors clean during mid-management meetings.... On a side note, I see all these "responses" Microsoft has to Zero Day exploits from other people proof of concepts. What about what MS does to proactively find these holes? I would really love to see the ratio of what they find vs. what is found by others.
    • by Y0tsuya ( 659802 )
      I am an intelligent man and I demand an intelligent medium by which to be educated. You get your education from Powerpoint slides? Where did you go to school, DeVry's? Plus that sentence above reminds me of a pouting 1st grader who insists that he's a "Big Boy" now.
  • Open Office... (Score:3, Interesting)

    by Sporkinum ( 655143 ) on Friday October 13, 2006 @02:42PM (#16428759)
    I open and create all of my presentations in either Open Office or Star Office. So I don't see and issues for me. I don't do anything esoteric, so I have never had a MS Office user have a problem with my presentations.
    • I've had plenty of problems. I work in a team where I have to deliver presentations in Powerpoint format. I use OpenOffice.org to create and show the presentations, and convert them to Powerpoint format for other team members. They often complain about text being unreadable (usually because it's in a different color from my original), weird symbols in the text (I get that too, when I open Powerpoint files in OOo), and text falling off the slides.

      It's not like I'm doing anything fancy; I believe in the KISS
      • by mspohr ( 589790 )
        I wonder what you're doing to cause these issues. I've done all of my presentations for the past few years in OO.org and they are invariably presented on some random version of MS Powerpoint on the computer attached to the projector.

        I've never had any of the problems you describe. However, I don't try anything fancy... Just text and images.

      • I've never had a problem with OO and the Powerpoint lectures my Uni has online.
        They all render perfectly.

        Admittedly I've never created a presentation in OO. I stay away from Powerpoint style things like the plague.
    • If you went the other way around, you might notice an Open Office problem. I was testing Open Office to see if it could be a suitable Office Suite for some friends who got a used computer without Microsoft Office. I used Open Office to load documents created with MS Office, and vice versa. I also edited and saved the documents, to see if they could still be loaded in the original packages and hadn't lost anything. The only place I found Open Office was lacking was in the OpenOffice.org version of Powerpoint
  • Invasion (Score:4, Funny)

    by justinbach ( 1002761 ) on Friday October 13, 2006 @02:43PM (#16428781) Homepage
    That has got to be one of the funniest headlines I've seen in a LOOOONG time.

    Stock up on milk and bread! Get out the hand-crank radio! The autoshapes are approaching fast! Run! For the love of God, RUN!!!!!!!!!!!!!!
  • by Apocalypse111 ( 597674 ) on Friday October 13, 2006 @02:44PM (#16428799) Journal
    Well, if nothing else, college classes would get a little more interesting if the prefessor's slideshow suddenly turned into a stag reel...
  • by Channard ( 693317 ) on Friday October 13, 2006 @02:46PM (#16428845) Journal
    ... I've seen plenty of presentations where the content has been so obscured by all the bells and whistles the user has added. While they're fixing the bug, maybe Microsoft can add a 'View Presentation in Minimalist Mode' option to Powerpoint.
    • yesterday.

      It was amazing, the guy just set it in motion and sat back down. Whole thing was animated, backgound music, transparent lettering that floated in front of the slides as they appeared. He never said a word, just let this thing run.

      In the end, it was eye-candy but no substance. Being the smart-ass that I am, I made the comment to the guy sitting next to me (in a low and very dead-pan tone), "wow...he's got some mad powerpoint skills".

      Ya know when you're in those situations where you have to be qu
    • ... I've seen plenty of presentations where the content has been so obscured by all the bells and whistles the user has added. While they're fixing the bug, maybe Microsoft can add a 'View Presentation in Minimalist Mode' option to Powerpoint.

      Sadly, Apple's Keynote program is even worse for this. Whenever I make a presentation that is not PR nonsense I have to restrain myself from using the cool transitions and the like which distract others from the content. Usually, I find a handful of slides with real

    • ``I've seen plenty of presentations where the content has been so obscured by all the bells and whistles the user has added.''

      I think that goes for most of us. It always makes me wonder if the person making these slides didn't have anything better to do than adding all that fancy crap. But then again, they often seem to enjoy it, so I'm like, ok, let them have a little fun while doing there work.
      • ``But then again, they often seem to enjoy it, so I'm like, ok, let them have a little fun while doing there work.''

        Come to think of it, maybe we should add a side bar with some games to Slashdot?

        BTW: s/there work/their work/. Excuse me.
    • Re: (Score:3, Insightful)

      by Z34107 ( 925136 )

      Microsoft should have a short "style guide" that appears the first time a user account starts powerpoint. It would have a nice list of my pet peeves, including:

      • All slids should use the background image. The image should not just be a rectangle you drew over a blacnk slide because you were too stupid to click file->new, and if all else, it should not show a different seizure-inducing color every slide.
      • Your powerpoint should never feature sound effects. This feature was included as a test to determine w
      • All slids should use the background image. The image should not just be a rectangle you drew over a blacnk slide because you were too stupid to click file->new, and if all else, it should not show a different seizure-inducing color every slide.

        (See fourth bullet in your post) :)

        Most of the time I prefer NO background image; it takes away from the content. I sat through a PowerPoint presentation at a seminar this past week, and it had bulleted lists, proper images, and no background at all. It was wonde

    • I work at a community college. In my department, the instructors are always emailing their students PowerPoint presentations with instructions to "go to the computer lab and print out the notes from this". All good and well, but these students are not PPT whizzes. They think that all they have to do is click "Print" and the notes come out. Never mind the fact that by default, Print gives you each slide on its own page. Then it gets really humourous when I tell them that they have exceeded their daily printi
  • Powerpoint and Excel (Score:5, Interesting)

    by balsy2001 ( 941953 ) on Friday October 13, 2006 @02:46PM (#16428853)
    When I was an intern at a company that was in a competition with other companies to get business from lockheed they sent out a CD with power point slides on it that showed how our company rated against other companies. They had "scrubbed" the presentation so that we didn't know who anyone was except for our own company. There were many Excel graphs in the slides. It turns out that not only were the graphs embedded in the slides but the entire spreadsheets to make them were too. This allowed me to find the code to un-scramble which companies were which. I am not sure if this was/still is an "exploit", but at least something that every one should be aware of.
    • Many users have found, to their dismay, that the documents they sent has complete unlimited unedit buffers and the reciepient can actually unwind the doc and see previous versions of the document!!. Some stupid companies "redact" information by setting the background font to be black. All you need to do is to select all text and suddenly the redacted text is readable, albeit in weird colors. There was high profile unintended release [/.ers dont even think of making a joke here on that phrase] of information
    • Re: (Score:3, Informative)

      by vertinox ( 846076 )
      Funny thing about Excel, Word, and Powerpoint...

      If you copy a small section or a single graph in Excel and paste it into Powerpoint as an object... It pastes the entire file.

      Even if all you can see is just a small fraction of the file in powerpoint.

      What I usually recommend it paste special as bit map or copy it as a picture (by holding down the shift key in excel and then going to Edit > Copy picture) and then paste into Powerpoint.

      For some reason it looks nicer, keeps your PPT file size down, and you wo
  • by __aaclcg7560 ( 824291 ) on Friday October 13, 2006 @02:52PM (#16428977)
    Now I'm scared and it's not even Halloween yet!
  • I wonder, is the guy whose bright idea it was to come up with a fixed day for patching still working at MS?
    • They had no choice but to keep him. He makes good coffee, BTW. The other guy suggested posting patches on days ending in y; that was the last meeting he ever attended. The last printout he ever did on the company printer, was WILL WORK FOR ...but I never stuck around long enough to see the rest of it. Never saw him again.

      Strange zero days indeed.
       
    • I think she is working for mozilla now, maybe we will soon have a patch tuesday for firefox...
  • Hey Microsoft! (Score:1, Insightful)

    by Anonymous Coward
    What's with the sudden interest in security? If I didn't know better, I'd think you had a new OS release imminent:P

    What gives?
  • That it had already been established that undisclosed PowerPoint & MS Office exploits are being used to commit corporate espionage?
  • Nothing new (Score:3, Insightful)

    by msuzio ( 3104 ) on Friday October 13, 2006 @03:02PM (#16429151) Homepage
    I think every presentation I've ever seen with flying graphics, pie charts, bullet points zooming in from the left, and all the other PowerPoint abuses a sales or marketing droid can think up in his voluminous spare time off the golf course, would definitely qualify as "PowerPoint Attacks".
  • by FerretFrottage ( 714136 ) on Friday October 13, 2006 @03:02PM (#16429163)
    I'm sure the I can speak for most of us when I say that we've already been experiencing power point attacks and they started right around the time our bosses took their first power point course and learned how to use^H^H^H abuse sound and animations.

  • .. then invades all of the theatres showing "The Departed", "The Grudge 2", "Man of the Year", "Aquaman" and "Spiderman" to have the highest grossing box office weekend of all time.
  • by Dystopian Rebel ( 714995 ) * on Friday October 13, 2006 @03:07PM (#16429247) Journal
    PowerPoint is the preferred communication tool of the Idiocracy.

    If knowledge of this vulnerability falls into the wrong hands (Kim Jong-Il, Fascist Moozlams, Treacherous Liberals, or the French) it could destroy Corporate America!

    Fortunately, it can't destroy the White House. They draw all their ideas on big sheets of paper with crayons.
  • by writermike ( 57327 ) on Friday October 13, 2006 @03:07PM (#16429255)
    And this is, I think, the first PC virus to attach into Meat Space, as it were.

    The way this works is that a compromised Powerpoint presentation is played to a room-full a victims. The speaker is first affected, speaking in a very monotone voice, rapidly clicking through the compromised slides of bullet-points and pie-charts. Within 10 minutes, all the victims are asleep.

    I swear. I've seen this happen!! NO URBAN LEGEND! Check SNOPES!!!!!!
  • by the darn ( 624240 ) on Friday October 13, 2006 @03:09PM (#16429299) Homepage
    Your pitiful FlipChart-fu is no match for my mighty PowerPoint Attack!
  • by jayloden ( 806185 ) on Friday October 13, 2006 @03:16PM (#16429429)
    Microsoft Warns of PowerPoint Attack

    We have these at work all the time. I call them "meetings"...
  • I make all my slide shows using XHTML [w3.org]. It sure takes a lot longer than PowerPoint, but it makes me feel all warm inside and that is all any of us are after.
  • Weren't they warned about this problem several months ago [informationweek.com]? Or is this yet another one???

  • by Animats ( 122034 ) on Friday October 13, 2006 @03:24PM (#16429603) Homepage

    Microsoft has this annoying policy of putting some kind of general purpose execution engine in every Office product, from Word to PowerPoint to IE. Documents don't have to be Turing-complete, people. In fact, they're more useful if they're purely declarative - you can repurpose the content.

    (Postscript is the classic bad example. The Postscript model is explicitly an interpreter. As a result, it's difficult to do anything with a Postscript document other than print it in the specified format. Text extraction is tough. Reliable format conversion is very tough. Reliable conversion to a different screen size, which ought to be easy, is terribly hard. Everybody moved away from Postscript, even Adobe. Microsoft should have learned from this.)

    • by Anonymous Coward
      Postscript is the classic bad example. The Postscript model is explicitly an interpreter. As a result, it's difficult to do anything with a Postscript document other than print it in the specified format.

      I might be wrong, but wasn't the whole point of PostScript to be for printing? I think in that respect it succeeded rather well. I wasn't meant to be converted to different formats or re-aspected (actually pure "size" conversion [scaling] works well because its not raster) or edited or anything else.

      And Pos
    • While true that PS is a Turing complete language, all those things you mention are specificly excluded from its goals. Its goal is to provide an exact method of printing something on paper. If you are trying to do something with a Postscript file and you are not either a Postscript printer, or Postscript displayer, then you are doing something outside of the spec.

      The problem may be that people are using PS as a transmission-for-later-editing format, which it isnt.
  • You sure it's not this? [ytmnd.com]
  • I've been suffering PowerPoint attacks in morning meetings for years now.

  • "The PowerPoints are coming!! The PowerPoints are coming!!"
  • With all these patches that are now flooding windows users for both OS and other microsoft products. Microsoft has put so much effort into actually trying to roll out Vista, that they have committed a mistake only some small businesses are known for: Putting their eggs in one basket. They've let the obvious and numerous flaws from old operating systems stack up with no regard to fixing them save in massive updates, to find a way to push everyone involved in development and patching duties to focus on gettin
  • This is not news.

    I'm a network administrator and I've been noting (and every administrator on the planet too, I guess) that at least since april this year, in the days following patch tuesday (I call that "black friday") there is a new batch of exploits, and there are usually no MS exploits (the last month being an exception) until the next black friday.

    Let's face it. If MS chooses a specific day to release al its patches of the month, it's logical that blackhats will choose a day that gives their exploits
  • Currently: "The Microsoft Security Response Center works every day to help protect customers from vulnerabilities in software."

    Should be: "The Microsoft Security Response Center works every day to help protect customers from vulnerabilities in our software.
  • The phrase PowerPoint attack causes me to think of a semi darkened room of people attending a business meeting. They have passed out on the seminar table, but they aren't dead, they are anesthetized.
  • I've never used Powerpoint.

    • You know, I've used it but I would never actually install it on one of my machines (the corporate menagerie is another matter). However, the other day I noticed that Gateway had conveniently installed MSOffice on their factory image. It needs a key to start using it, but I wonder if any vulnerabilities can get through even if the product is not registered. It was close to 250M so I deleted it, but what if I hadn't?
  • I mean, we see this "Microsoft 0day" story every week...
  • by Greyfox ( 87712 ) on Friday October 13, 2006 @04:55PM (#16430839) Homepage Journal
    Is to buy a laser "pointer" from Wickedlasers.com and use it to try to burn a hole in anyone who attempts to present a powerpoint presentation to me. Note that this method can be defeated by painting your skin the same color as the laser, which is why it's important to have a couple of different colors on hand in case your presenter is a wiley one (I'm still working out what to do in the event of one wearing a mirrored fire suit...)
  • I hear that Power Point is so feared because of its large store of ammunition, it has plenty of bullets.

    Thanks folks I'll be here all week, and try the fish.
  • Evil (Score:3, Interesting)

    by the eric conspiracy ( 20178 ) on Friday October 13, 2006 @07:08PM (#16432227)
    What do you expect, Power Point is EVIL [wired.com]

  • So - will Microsoft provide us with any defence against pointy sticks, then?
  • Quick, post a load of off topic tosh to distract from the article. This place is getting as bad as UseNet with all the trolling. Does anyone here want to discuss how accessing data can allow the execution of arbitrary code on a machine.
  • Was this threat directed at the EU Commissioners?

Economists state their GNP growth projections to the nearest tenth of a percentage point to prove they have a sense of humor. -- Edgar R. Fiedler

Working...