Microsoft revealed Thursday that its PowerPoint software suffers from a major vulnerability that is being actively exploited in targeted attacks.
The bug -- which warranted vulnerability tracking firm Secunia's highest rating of "extremely critical" -- is present in Microsoft Office versions 2000, XP, 2003 and Mac Office, according to an advisory. However, the flaw, which involves the way PowerPoint parses legacy binary file formats, does not reside in PowerPoint for Office 2007.
A number of varying exploits are attempting to take advantage of the vulnerability, according to Microsoft. The malware ploy works by attempting to trick users into opening a malicious PowerPoint slideshow. If they do, a trojan is installed on their machine.
"Usually these files look legit when opened so it is quite easy to fall prey and not even notice that something malicious ran in the background," researchers Cristian Craioveanu and Ziv Mador said in a post Thursday on the Microsoft Malware Protection Center blog.
But the number of victims appears small because the exploits are being leveraged in targeted attacks, they said.
As a workaround, users can use Microsoft Office Isolated Conversion Environment (MOICE), a feature that helps reduce the risk of attack by forcing Office binary format files to open in the Office Open XML format, according to the advisory.
Andrew Storms, director of security operations at vulnerability management firm nCircle, said he was pleased to see that the newest file formats do not seem affected.
"It doesn't affect 2007, so it's a clear indication that the new products from Microsoft solve the problem," he said.
But users still should be wary, considering the widespread use of PowerPoint, Storms said.
"It's as ubiquitous to businesses as Excel and Word is," he told SCMagazineUS.com on Friday. "There are going to be people who are going to be hit by this."
Microsoft and Storms recommended users avoid opening files they weren't expecting to receive.
"If you get a PowerPoint [attachment] in an email that you didn't expect, hit 'Reply All' and ask, 'Did you really try to send this to me?'" Storms said. "Ensure the validity of it."
The bug -- which warranted vulnerability tracking firm Secunia's highest rating of "extremely critical" -- is present in Microsoft Office versions 2000, XP, 2003 and Mac Office, according to an advisory. However, the flaw, which involves the way PowerPoint parses legacy binary file formats, does not reside in PowerPoint for Office 2007.
A number of varying exploits are attempting to take advantage of the vulnerability, according to Microsoft. The malware ploy works by attempting to trick users into opening a malicious PowerPoint slideshow. If they do, a trojan is installed on their machine.
"Usually these files look legit when opened so it is quite easy to fall prey and not even notice that something malicious ran in the background," researchers Cristian Craioveanu and Ziv Mador said in a post Thursday on the Microsoft Malware Protection Center blog.
But the number of victims appears small because the exploits are being leveraged in targeted attacks, they said.
As a workaround, users can use Microsoft Office Isolated Conversion Environment (MOICE), a feature that helps reduce the risk of attack by forcing Office binary format files to open in the Office Open XML format, according to the advisory.
Andrew Storms, director of security operations at vulnerability management firm nCircle, said he was pleased to see that the newest file formats do not seem affected.
"It doesn't affect 2007, so it's a clear indication that the new products from Microsoft solve the problem," he said.
But users still should be wary, considering the widespread use of PowerPoint, Storms said.
"It's as ubiquitous to businesses as Excel and Word is," he told SCMagazineUS.com on Friday. "There are going to be people who are going to be hit by this."
Microsoft and Storms recommended users avoid opening files they weren't expecting to receive.
"If you get a PowerPoint [attachment] in an email that you didn't expect, hit 'Reply All' and ask, 'Did you really try to send this to me?'" Storms said. "Ensure the validity of it."
