Microsoft Warns About a PowerPoint Virus
Microsoft warned about a new computer virus that exploits a vulnerability in its PowerPoint presentation software to allow hackers to infiltrate computer systems
Microsoft issued an advisory on the company's security Web log on July 17 about the
virus, which is carried out when a user launches a PowerPoint attachment to an e-mail or
opens a file provided to them by the attacker.
Hackers could also lure users to a Web page that offers content or advertisements containing a file that exploits the PowerPoint software, Microsoft said. The vulnerability applies to PowerPoint 2000, 2002 and 2003.
Once the user triggers the corrupt PowerPoint file, the virus installs a keystroke logging system to capture everything typed on the machine. It also leaves the machine open to having a hacker install other malicious programs.
"It installs a backdoor and allows for all types of software to be downloaded on the computer and the computer can be remotely controlled," said Alfred Huger, a security expert at Symantec Corp.
Microsoft said it was completing development of a security update to fix the vulnerability and was on schedule to release the patch on August 8, or sooner, as part of a monthly security update. The company reported a "limited" number of attacks.
Hackers could also lure users to a Web page that offers content or advertisements containing a file that exploits the PowerPoint software, Microsoft said. The vulnerability applies to PowerPoint 2000, 2002 and 2003.
Once the user triggers the corrupt PowerPoint file, the virus installs a keystroke logging system to capture everything typed on the machine. It also leaves the machine open to having a hacker install other malicious programs.
"It installs a backdoor and allows for all types of software to be downloaded on the computer and the computer can be remotely controlled," said Alfred Huger, a security expert at Symantec Corp.
Microsoft said it was completing development of a security update to fix the vulnerability and was on schedule to release the patch on August 8, or sooner, as part of a monthly security update. The company reported a "limited" number of attacks.