Q. I am concerned about security holes in applications, such as the flaw in Microsoft PowerPoint that was reported recently. What do I need to know or how can I protect against cyberthreats that take advantage of such vulnerabilities?
A. The latest incident is an example of how a PowerPoint threat can enable code execution and may contain a dropper that can be used to install and execute a backdoor programme to compromise a user's system.
Exploits like this are further evidence of the growing trend in vulnerabilities that target client-side applications, including browser flaws and the recent surge of Microsoft Excel and Word exploits, and this recent string of client application exploits should be considered by security administrators to be as critical as flaws discovered in servers or core external applications.
Consider the following mitigating workarounds and simple 'tried-and-true' policies to minimise the risk posed by these exploits:
- Do not open PowerPoint files attached to any e-mail from those you don't know
- Do not open PowerPoint attachments from those you do know, if you weren't expecting an attachment from that person, or if the content of the email seems out of character for that person
- In corporate settings, administrators should consider blocking all incoming Word, PowerPoint, and Excel files from external unverified sources by policy. Inter-company documents may be considered relatively safe from this particular threat, assuming no significant internal problem exists
- Avoid opening externally-hosted PowerPoint documents
- Ensure your antivirus definitions are up-to-date. Trend Micro customers should be using OPR 3.587.00 or later
- Run a manual scan with your updated Trend Micro product, or with Housecall, Trend Micro's online virus scanner.
In addition to the guidelines discussed above, companies of all sizes should consider stricter security audits, code reviews and continuous patch updates for both client-side and server-side applications, and that they should be well-implemented and flagged with the same importance, if not now, then as soon as possible.
This tech tip was provided by Ivan Macalintal, senior threat analyst at Trend Micro.