A long‑standing PowerPoint vulnerability from 2009 is once again being exploited, indicating that at least one user has fallen victim to attackers leveraging this outdated flaw. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is now urging federal agencies to take immediate action to remediate the issue.
CISA has added the decades‑old Microsoft Office PowerPoint vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation as the reason for its renewed inclusion. The flaw, a code injection vulnerability, is approximately 17 years old and affects extremely outdated versions of PowerPoint—specifically the 2000, 2002, 2003, and 2007 editions. These versions, which date back to the Windows 2000 and XP era, have been out of support for many years.
Federal agencies still relying on these obsolete products have been given a deadline of January 28, 2026, to upgrade. CISA advises agencies to apply vendor‑recommended mitigations, follow Binding Operational Directive (BOD) 22‑01 for cloud environments, or discontinue use of the affected software entirely if fixes are not available.
The vulnerability, rated 9.1 out of 10 when originally disclosed in 2009, enables attackers to execute arbitrary code. An attacker can trigger the flaw simply by sending a specially crafted PowerPoint file that, when opened or previewed, causes memory corruption and allows malicious code to run.
This vulnerability has seen real‑world exploitation before. It was first abused in April 2009 by the campaign known as Exploit:Win32/Apptom.gen. Although Microsoft issued patches the same year, any system still running such outdated software today is almost certainly exposed to multiple other critical security issues.
Separately, CISA has also highlighted another significant threat: a newly discovered code injection vulnerability in Hewlett Packard Enterprise (HPE) OneView. This flaw allows unauthenticated remote attackers to execute arbitrary code, further expanding the list of current critical security risks.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
