Microsoft issued a security advisory yesterday saying that hackers are now attacking through an unpatched flaw in Microsoft Office PowerPoint.
On the heels of the big Conficker controversy taking place a few days ago, another threat has surfaced that appears to have more of an immediate impact. According to a security advisory issued by Microsoft yesterday, reports have surfaced that a vulnerability in (Office) PowerPoint could allow remote code execution if a user opens a specially crafted PowerPoint file. The vulnerability affects Office versions 2000 SP3, 2002 SP3, 2003 SP3, and 2004 for Mac.
According to Microsoft, the vulnerability is caused when PowerPoint accesses an invalid object in memory when parsing the malicious file. This creates a condition that allows the attacker to execute arbitrary code. If successful, the attacker can take complete control of the affected system. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," the company said. "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
"At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability," the company added.
As of this writing, Microsoft has not issued an immediate fix. However, the company said the vulnerability would be addressed through the monthly security update release process, or via an out-of-cycle security update. In the meantime, Microsoft suggested that consumers not open or save PowerPoint files received from unknown sources via email or USB drives. Consumers can also use the Microsoft Office Isolated Conversion Environment (MOICE) if those files need to be opened. Additionally, the Microsoft Office File Block policy can be used to prevent Office 2003 and earlier-format documents from being opened at all.
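The File Block mitigation works on the file format, not the file name: Office 2003 and earlier documents (including legacy .ppt files) are OLE2 Compound Files, while Office 2007 OOXML documents are ZIP packages. The script below is an added example, not code from Microsoft or the advisory, showing how a mail gateway or helpdesk tool could apply the same rule to attachments before they reach a PowerPoint parser: inspect the container signature, quarantine legacy-format files from untrusted senders, and always quarantine files whose extension claims OOXML but whose content is actually the legacy binary format. The magic bytes are the documented OLE2 and ZIP signatures; the function names, the sample byte strings, and the trusted-sender flag are assumptions made for this example.

```python
"""Classify Office attachments by container format, mirroring the File Block policy.

Added example (not part of the advisory). Office 2003-and-earlier documents,
including legacy .ppt, are OLE2 Compound Files; Office 2007 OOXML documents
are ZIP packages. Deciding on the signature rather than the extension means
a renamed legacy file cannot slip past an extension-based filter.
"""
import os

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # Compound File Binary header
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML packages are ZIP archives

LEGACY_PPT_EXTENSIONS = {".ppt", ".pps", ".pot"}
OOXML_PPT_EXTENSIONS = {".pptx", ".ppsx", ".potx", ".pptm", ".ppsm", ".potm"}


def container_type(data: bytes) -> str:
    """Return 'ole2' for legacy binary Office files, 'ooxml-zip' for Office 2007
    packages, and 'unknown' for anything else (only the first bytes are needed)."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "ooxml-zip"
    return "unknown"


def assess(filename: str, data: bytes, trusted_sender: bool = False) -> dict:
    """Apply a File Block style rule to one attachment.

    trusted_sender is a hypothetical flag supplied by the caller (for example
    from an allow-list of internal senders); the advisory's guidance is to not
    open PowerPoint files from unknown sources, so legacy-format files from
    untrusted senders are quarantined until the patch is deployed.
    """
    ext = os.path.splitext(filename)[1].lower()
    kind = container_type(data)
    reasons = []
    block = False

    if kind == "ole2":
        reasons.append("legacy binary (Office 2003 or earlier) container")
        if not trusted_sender:
            block = True
        if ext in OOXML_PPT_EXTENSIONS:
            # Extension says OOXML but the bytes say OLE2: treat as evasion
            # of extension-based filtering regardless of sender.
            reasons.append("extension claims OOXML but content is OLE2")
            block = True
    elif kind == "ooxml-zip":
        if ext in LEGACY_PPT_EXTENSIONS:
            # Harmless for this advisory (not the legacy parser), but worth logging.
            reasons.append("extension claims legacy format but content is a ZIP package")
    else:
        reasons.append("unrecognised container")

    return {"file": filename, "container": kind, "block": block, "reasons": reasons}


# Constructed sample inputs (not real files): a minimal OLE2-style header and a
# minimal ZIP-style header, enough to exercise the signature check.
SAMPLE_LEGACY = OLE2_MAGIC + b"\x00" * 504
SAMPLE_OOXML = ZIP_MAGIC + b"\x14\x00\x00\x00\x08\x00" + b"\x00" * 20

if __name__ == "__main__":
    for name, blob, trusted in [
        ("deck.ppt", SAMPLE_LEGACY, False),
        ("deck.ppt", SAMPLE_LEGACY, True),
        ("deck.pptx", SAMPLE_OOXML, False),
        ("deck.pptx", SAMPLE_LEGACY, False),
    ]:
        print(assess(name, blob, trusted_sender=trusted))
```

The check reads only the first few bytes, so it is cheap enough to run on every attachment; a file that is blocked here can still be routed through MOICE for conversion if the recipient genuinely needs it.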
"Customers in the U.S. and Canada who believe they are affected can receive technical support from Security Support or 1-866-PCSAFETY," Microsoft offered. "There is no charge for support calls that are associated with security updates."
Look for Microsoft to address the PowerPoint vulnerability soon.