Just when you thought you were safe from dangers such as the Conficker worm comes another hole in Microsoft's security, this time in the form of a PowerPoint zero-day vulnerability. Microsoft issued a statement yesterday warning PowerPoint users not to open unknown or unexpected PowerPoint e-mail attachments. These .ppt or .pps files may contain a virus that allows remote code execution, meaning hackers can pirate your computer and force it to function at will.
Microsoft calls these attacks "limited and targeted" and affecting the following:
- Microsoft Office PowerPoint 2000 Service Pack 3
- Microsoft Office PowerPoint 2002 Service Pack 3
- Microsoft Office PowerPoint 2003 Service Pack 3
- Microsoft Office 2004 for Mac
The virus has no effect on Microsoft Office PowerPoint 2007 or Microsoft Office 2008 for Mac.
This hole in Microsoft security's swiss cheese armor can also be executed on the Web. Keep an eye out for Web sites attempting to lead you to downloadable PowerPoint files. Since the flaw is located only within PowerPoint, it's necessary that the file is actually opened.
While this zero-day vulnerability will not reach the broad audience the Conficker virus threatens, it does paint a bull's eye on business customers who rely heavily on PowerPoint presentations and may have valuable financial data stored in the company database.
The Microsoft Security Research and Defense blog recommends using PowerPoint's newer XML format; temporarily disabling the binary file if you're using PPTX; and temporarily forcing all legacy PowerPoint files to open in MOICE -- a method of opening files that reduces the risk of exposure.
If you believe you've caught the bug, Microsoft recommends implementing the Windows Live OneCare safety scanner, which will identify malicious PowerPoint files as Exploit:Win32/Apptom.gen.
As always, exercise caution when opening attachments or following yellow brick roads on the Internet.