Hovering over a link in a malicious PowerPoint file can execute malware

Reading time icon 1 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

A new vulnerability has been found that can allow malware to spread by just hovering over a link in a PowerPoint document (via Ars Technica).

This kind of attack is different, as it doesn’t require the use of macros or scripts as seen in previous attacks, instead merely hovering over what could seem like a legitimate link is enough to kickstart the infection process.

The attack works by using Windows PowerShell. Newer versions of PowerPoint will ask users whether they’d like to exit Protected View, whereas older versions are less protected.

One example where this trick can be used is by placing a malicious link in a PowerPoint that says “Loading…” – users are then likely to disable Protected View to see the full document, hover over the link and unknowingly infect their PC with malware.

While there is no fix so far, users are recommended to be weary of which PowerPoint documents they open and which links they hover over.