Press Releases

Browse our press release archive

18 Jul 2006

Firms wait for Microsoft fix for zero day PowerPoint flaw

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have advised companies to exercise care over which PowerPoint presentations their users open, as businesses wait for Microsoft to fix an unpatched PowerPoint vulnerability.

Microsoft has confirmed that a critical vulnerability exists in PowerPoint 2000, PowerPoint 2002 and PowerPoint 2003 which can allow malicious attackers to run unauthorized code on users' computers. According to the company, it is scheduled to issue a fix on Tuesday 8 August or earlier if required.

"PowerPoint is commonly used in the business environment for delivering corporate presentations. Hackers may attempt to trick workers into opening malicious PPT attachments that could exploit the flaw and install malware onto Windows computers," said Graham Cluley, senior technology consultant for Sophos. "Many have experienced the soul-destroying feeling of sitting through a far-too-long corporate presentation, but this critical flaw could deliver a far more serious case of 'Death by PowerPoint'."

Microsoft has published information about the vulnerability in an advisory on its website.

"Once a PC has been infected by a backdoor Trojan, hackers can gain access to the computer to spy, to steal, to plant further malicious software, or to launch spam and/or denial-of-service attacks. Many eyes will now be looking to Microsoft, to see how quickly they can release a critical security fix for their PowerPoint program," continued Cluley. "Everyone needs to exercise caution over which files they choose to open on their Windows PC."

Last week, Sophos experts warned of a malicious Chinese PowerPoint PPT file which contained exploit code that drops the Troj/Edepol-C keylogging Trojan horse onto users' computers.

The Trojan horse also attempts to disable anti-virus products running on the infected computer.

The PowerPoint presentation secretly drops a Trojan horse onto computers

The PowerPoint presentation secretly drops a Trojan horse onto computers.

Sophos has been protecting against the Troj/Edepol-C Trojan horse dropped by the Microsoft PowerPoint file since 14:01 GMT, Friday 14 July, but warns that hackers could exploit the PowerPoint vulnerability to spread new Trojan horses.

Sophos recommends companies put in place a consolidated solution to defend against viruses, spyware and spam, and ensure that it is automatically updated as new threats emerge.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at