Microsoft warning users about a zero-day attack exploiting a critical vulnerability in Microsoft Office PowerPoint that could allow remote hackers to launch arbitrary code on their PCs. The malware associated with this vulnerability is a Trojan dropper embedded within an exploit in .ppt or .pps data files.
According to ZDNet the error affects numerous versions of Microsoft Office PowerPoint, including PowerPoint 2000, PowerPoint 2002, PowerPoint 2003 and Microsoft Office PowerPoint 2004 for Mac. However, later versions, including Microsoft Office PowerPoint 2007 and Microsoft Office PowerPoint for Mac 2008, are not affected.
Finally at Cnet mentioned that “ While there is currently no fix for the PowerPoint flaw, Microsoft said that it may release one outside its monthly patching schedule. Workarounds suggested by the company include not opening files received from untrusted sources, using the Microsoft Office Isolated Conversion Environment (MOICE) to open untrusted files, and using Microsoft Office File Block policy to restrict the opening of Office 2003 and earlier documents. ”
Tags: microsoft, office, powerpoint
By the way, today is the April’s Patch Tuesday for Microsoft. In an attempt to fix remote code execution and denial of service vulnerabilities (affecting Windows, Office and Internet Explorer), Microsoft will ship 8 security bulletins five of which are rated “critical”, meaning they can be exploited by hackers to take complete control of Windows machines. According to h-online.com, despite the fact that the hole in Excel (reported in February) will be patched, this hole in PowerPoint (reported in early April) will indeed remain unpatched.