PowerPoint Hit in Latest Microsoft Office Zero-Day Microsoft Warns Windows and Mac PowerPoint Users of Vulnerability Stuart J. Johnston
Users of older versions of Microsoft's PowerPoint presentation software may have a new reason to think about upgrading.
In a Security Advisory late Thursday afternoon, Microsoft warned Windows and Mac users that the company has received reports of active attacks "in the wild" via a zero-day vulnerability (define).
The vulnerability affects Windows users with Service Pack 3 (SP3) of PowerPoint 2000 through 2003, as well as Apple Mac users with PowerPoint 2004.
However, users with Office 2007 are already protected, as are document viewers for both PowerPoint 2007 and PowerPoint 2003, according to the advisory. It's unclear if additional versions of PowerPoint may be affected; Microsoft only provides support for the latest service packs — in this case, SP3.
Although it has been hit yet again by a zero-day attack — so called because the security flaw responsible for the vulnerability had not been known before the day the exploits began — Microsoft officials minimized the impact so far.
"At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability," the advisory said.
Perhaps one of the reasons why the attacks have yet not been widespread is that an attacker must trick a user into opening a booby-trapped PowerPoint presentation to trigger the exploit.
However, it's no fun for users who do get hit — a successful attack results in complete compromise of the user's PC.
Microsoft so far has revealed few details of the vulnerability or how it could be used to launch attacks, except to say that it could result in execution of "arbitrary code." That's security lingo meaning complete takeover.
The company's certainly no stranger to zero-day attacks. Most recently, it suffered another zero-day attack in late February, this one targeting Excel. Microsoft has not yet released a fix for the problem.
In the latest attack, Microsoft's advice is for users of the affected versions of PowerPoint to not open any PowerPoint file (PPT) that comes from an untrusted source or that seems out of the ordinary.
Additionally, the company also recommends that affected users install the Microsoft Office Isolated Conversion Environment (MOICE), which could provide an additional measure of insulation from the attack.
"If you suspect that you were target for such an attack, you can scan your computer with the Windows Live OneCare safety scanner. The malicious PPT files are detected as Exploit:Win32/Apptom.gen," Microsoft's security response team said in a blog post.
So far, Microsoft has not decided how to approach the vulnerability. Officials said that the company, if it decides it's necessary, will release a fix either as part of the regular "Patch Tuesday" cycle or as a standalone, out-of-cycle patch.
