Patch now! Attackers are targeting HPE OneView and PowerPoint

Currently, unknown attackers are targeting macOS systems via a seventeen-year-old security vulnerability in PowerPoint with malicious code. HPE's IT management system, OneView, is also currently facing malicious code attacks. Admins should therefore immediately secure their systems with security patches. In both cases, it is unclear to what extent and how exactly the attacks are proceeding.

The US Cybersecurity and Infrastructure Security Agency (CISA) warns of the attacks in a recent post. In both cases, malicious code gets onto computers after a successful attack. This usually leads to attackers gaining full control over systems.

Background

The Office vulnerability from 2009 affects the description of the vulnerability (CVE-2009-0556 “high”) PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, as well as PowerPoint in Microsoft Office 2004 for macOS. To initiate attacks, attackers must trick victims into accepting a prepared PowerPoint document. If victims open the file, memory errors occur, followed by the execution of malicious code. Simply receiving such a file, for example via email, should not initiate attacks. Victims must therefore cooperate.

Information about the vulnerability can be found in an old post from Microsoft, but the post with information about the security update is no longer online. Anyone still using one of the outdated and vulnerable versions should perform an upgrade for security reasons or switch to an alternative.

The “critical” vulnerability with the highest rating (CVE-2025-37164, CVSS Score 10 out of 10) in HPE OneView has been known since December of last year. A hotfix that closes the vulnerability has also been available since then. The software vendor has compiled further information on this in a warning message.

(des)