Hovering over a link in a malicious PowerPoint file can execute malware

News

Reading time icon 1 min. read

Calendar icon Published on

by Radu Tyrsina 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

A new vulnerability has been found that can allow malware to spread by just hovering over a link in a PowerPoint document (via Ars Technica).

This kind of attack is different, as it doesn’t require the use of macros or scripts as seen in previous attacks, instead merely hovering over what could seem like a legitimate link is enough to kickstart the infection process.

The attack works by using Windows PowerShell. Newer versions of PowerPoint will ask users whether they’d like to exit Protected View, whereas older versions are less protected.

One example where this trick can be used is by placing a malicious link in a PowerPoint that says “Loading…” – users are then likely to disable Protected View to see the full document, hover over the link and unknowingly infect their PC with malware.

While there is no fix so far, users are recommended to be weary of which PowerPoint documents they open and which links they hover over.

Radu Tyrsina

Radu Tyrsina Shield

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time). For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web. Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they're looking for.