CISA warns of active attacks legacy PowerPoint flaw
Take action: If you're still running legacy Microsoft Office (2000-2003 or 2004 for Mac), remove it and upgrade immediately to a supported version. This 15-year-old PowerPoint flaw is being actively exploited to install malware. If upgrading isn't possible right away, remove PowerPoint from these old systems and avoid opening any .ppt files.
Learn More
CISA) is reporting active exploitation of a legacy memory corruption issue in Microsoft PowerPoint. Successful exploitation allows attackers to deploy malware or move through the network.
The flaw is tracked as CVE-2009-0556 (CVSS score 9.3) - Memory corruption in legacy PowerPoint (2000-2003 and 2004 for Mac). This flaw causes memory corruption when the software opens a specific data structure in a .ppt file. Attackers cann use malicious attachments to run code on the victim's machine. The reporting of this very old flaw suggests that hackers are still finding success against outdated Office installs in modern environments.
Affected systems include legacy Microsoft Office 2000, 2002, and 2003 installations and office 2004 for Mac
Federal agencies must patch these systems by January 28, 2026. The inclusion in the KEV catalog confirms that attackers are actively using these flaws to break into networks.
For legacy Microsoft products, the best defense is to remove the software or upgrade to supported versions.
