X
Business

Attackers pounce on Microsoft PowerPoint zero-day

Attackers are using rigged PowerPoint files to exploit an unpatched vulnerability in Microsoft's presentation software, according to warning late Thursday from the software maker.In a pre-patch advisory, Microsoft described the attacks as "limited and targeted," the kind of language that suggests it is being used to steal data from corporate or government networks.
Written by Ryan Naraine, Contributor

Attackers are using rigged PowerPoint files to exploit an unpatched vulnerability in Microsoft's presentation software, according to warning late Thursday from the software maker.

In a pre-patch advisory, Microsoft described the attacks as "limited and targeted," the kind of language that suggests it is being used to steal data from corporate or government networks.  The malware associated with the attack is a Trojan dropper embedded within an exploit in .ppt or .pps data files.

According to the advisory, the vulnerability allows remote code execution if a user opens a booby-trapped PowerPoint file.

The newest Microsoft Office PowerPoint 2007 and Microsoft Office for Mac 2008 are not affected.

Affected software:

  • Microsoft Office PowerPoint 2000 Service Pack 3 Microsoft Office PowerPoint 2002 Service Pack 3 Microsoft Office PowerPoint 2003 Service Pack 3 Microsoft Office 2004 for Mac

[ SEE: New MS tool isolates Office 2003 zero-day exploits ]

Microsoft has activated its security incident response process, which includes collaboration with anti-malware partners and internal efforts to identify the buggy portions of the code.  Once the process is complete, the company will issue a bulletin with patches but this could take several months.

In the meantime, Microsoft recommends that Office users avoid opening or saving files, even from trusted sources because those could be spoofed.

[ SEE: MS Word exploit generator circulating? ]

If PowerPoint usage is heavy in your business, you should consider implementing MOICE, a tool that uses the 2007 Microsoft Office system converters to convert the Office binary format files into the Office Open XML format.

IT admins could also use the Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.

More at Techmeme and Threatpost.

Editorial standards