Due to security flaws in its products, Microsoft has recently warned computer users not to open Microsoft Office attachments (PowerPoint, Word, and Excel files) even sent by trusted friends if the file is not expected. The problem is that new security holes have been found that can allow criminals to install keyloggers on your computer if you open attachments they send out from other people’s infected computers to those on their email contacts lists. Thus, email that appears to come from a trusted friend may contain malware that could track all your passwords and allow criminals to wipe out your bank accounts, commit identity theft, or destroy your life in other unpleasant ways.
The real problem is not Microsoft but the vicious evil of malicious hackers and other criminals, driven by greed and malice. Their crimes affect all of us, making trust a dangerous virtue, at least when it comes to email. It’s not just cyberspace where trust is risky. Child abuse, theft, malicious gossip, and many other vices all make it more dangerous than ever to simply trust someone. Sad that we must be so cautious, but necessary.
Here is an excerpt from the story in Eweek:
In the midst of back-to-back zero-day attacks against select businesses in the Far East, Microsoft on July 17 released a security advisory with a terse message: Do not open or save unexpected Microsoft Office files, even if they come unexpectedly from a trusted source.
The company’s advisory comes less than a week after virus hunters discovered that a previously undocumented flaw in Microsoft PowerPoint was being exploited to plant a keystroke logger on infected Windows systems.
Microsoft confirmed that the vulnerability exists in Microsoft PowerPoint 2000, Microsoft PowerPoint 2002 and Microsoft PowerPoint 2003 and said a patch is being developed and tested for release on August 8. “In order for this attack to be carried out, a user must first open a malicious PowerPoint document attached to an e-mail or otherwise provided to them by an attacker,” the Redmond, Wash., software maker said in its advisory.
There are no prepatch workarounds in the advisory. Instead, Microsoft said Windows users should avoid opening or saving Office files, especially those that arrive from untrusted sources.
If an Office file–Word, Excel or PowerPoint–arrives unexpectedly from a trusted source, the advice remains the same.