17-year-old PowerPoint flaw still actively exploited by attackers, CISA warns

Someone has likely fallen victim to attackers exploiting an old PowerPoint vulnerability that dates back to 2009. The US cybersecurity authority, CISA, is urging federal agencies to remediate the 17-year-old flaw immediately.
“Based on evidence of active exploitation,” the US Cybersecurity and Infrastructure Security Agency (CISA) updated the Known Exploited Vulnerabilities (KEV) catalog with a critical Microsoft Office PowerPoint vulnerability.
The code injection flaw is already 17 years old and affects legacy versions of PowerPoint, including 2000, 2002, 2003, and 2007. All of these Office programs, dating from the Windows 2000 and XP era, reached end-of-life long ago.
CISA has set a three-week deadline for federal agencies still using them to upgrade by January 28th, 2026.
“Apply mitigations per vendor instructions, follow applicable Binding Operational Directive (BOD) 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable,” CISA urges.
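As an added example (not from the article, CISA, or any vendor), a small Python triage helper that reads KEV-style catalog entries and works out how much of the BOD 22-01 remediation window remains for products an organisation actually runs. It assumes the field names of CISA's public KEV JSON feed; the sample entries and CVE IDs are constructed placeholders, and the inventory list is a hypothetical asset list.

```python
import json
from datetime import datetime

# Constructed sample feed (not CISA's real data); it mirrors the field names of
# the public KEV JSON, but the CVE IDs and the third entry are placeholders.
SAMPLE_KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "Microsoft", "product": "Office PowerPoint",
     "dateAdded": "2026-01-07", "dueDate": "2026-01-28",
     "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD "
                       "22-01 guidance for cloud services, or discontinue use of the "
                       "product if mitigations are unavailable."},
    {"cveID": "CVE-0000-0002", "vendorProject": "Hewlett Packard Enterprise",
     "product": "OneView", "dateAdded": "2026-01-07", "dueDate": "2026-01-28",
     "requiredAction": "Apply mitigations per vendor instructions."},
    {"cveID": "CVE-0000-0003", "vendorProject": "ExampleVendor", "product": "ExampleProduct",
     "dateAdded": "2025-12-01", "dueDate": "2025-12-22",
     "requiredAction": "Apply updates per vendor instructions."},
]})

DUE_SOON_DAYS = 7  # assumption: flag anything with a week or less of lead time

def parse_kev(raw):
    """Return the vulnerabilities array from a KEV JSON document."""
    return json.loads(raw)["vulnerabilities"]

def days_remaining(entry, today):
    """Days until the BOD 22-01 due date; negative once the deadline has passed."""
    due = datetime.strptime(entry["dueDate"], "%Y-%m-%d").date()
    return (due - today).days

def triage(raw, today_iso, inventory):
    """Match KEV entries against (vendor, product) pairs in use and classify them.

    Returns dicts sorted most-overdue first. 'eol' is True when CISA's required
    action allows discontinuing the product, the realistic path for software
    that no longer receives patches.
    """
    today = datetime.strptime(today_iso, "%Y-%m-%d").date()
    wanted = {(v.lower(), p.lower()) for v, p in inventory}
    results = []
    for e in parse_kev(raw):
        if (e["vendorProject"].lower(), e["product"].lower()) not in wanted:
            continue
        days = days_remaining(e, today)
        status = "overdue" if days < 0 else "due_soon" if days <= DUE_SOON_DAYS else "scheduled"
        results.append({"cveID": e["cveID"], "product": e["product"], "days": days,
                        "status": status,
                        "eol": "discontinue use" in e["requiredAction"].lower()})
    return sorted(results, key=lambda r: r["days"])

if __name__ == "__main__":
    for row in triage(SAMPLE_KEV_JSON, "2026-01-07",
                      [("Microsoft", "Office PowerPoint"), ("ExampleVendor", "ExampleProduct")]):
        print(row)
```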
This particular vulnerability enables attackers to execute arbitrary code, and even back in 2009, it carried a severity rating of 9.1 out of 10.
Attackers simply send a specially crafted PowerPoint file which, when opened or viewed, triggers memory corruption that allows them to inject and execute malicious code.
Exploitation of this flaw isn’t new either: it was first exploited in the wild in April 2009 in the Exploit:Win32/Apptom.gen campaign.
While Microsoft addressed this vulnerability and released patches back in 2009, systems still running decades-old software are guaranteed to have numerous other critical vulnerabilities.
CISA also flagged a recent critical code injection flaw affecting Hewlett Packard Enterprise (HPE) OneView. It enables remote unauthenticated attackers to run arbitrary code. HPE released patches and an advisory in December 2025.