Hackers have launched attacks targeting an unpatched flaw in Microsoft PowerPoint, Microsoft warned on Thursday.
The vulnerability, which affects Microsoft Office 2000 SP3, 2002 SP3 and 2003 SP3, can be exploited by getting a user to open a PowerPoint file rigged for the attack. When the file is opened, PowerPoint will access an invalid object in memory. That then allows an attacker to remotely execute code on the system.
In a security advisory, Microsoft said that at present, attacks are not widespread, but they are tailored to affect specific victims.
"Microsoft is investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file," said the advisory. "At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability."
While there is currently no fix for the PowerPoint flaw, Microsoft said that it may release one outside its monthly patching schedule. Workarounds suggested by the company include users not opening files received from untrusted sources, using the Microsoft Office Isolated Conversion Environment (MOICE) to open untrusted files, and using Microsoft Office File Block policy to restrict the opening of Office 2003 and earlier documents.
Microsoft's last major PowerPoint patch, which came out in August 2008, addressed three critical flaws in the software.






Talkback
The vulnerability allows arbitrary code to be executed at the user’s current level of privilege. The user either downloads the malicious PowerPoint file from a website or receives the file via email. Once the user opens the PowerPoint file, additional malware is downloaded and executed on the user’s PC.
This piece of malware can potentially include anything from a rootkit – taking complete control of the user’s PC; a Key Logger – to steal the user’s financial credentials; or malware – to convert the PC to a SPAM-spewing or malware-hosting pawn in a botnet.
Once again, this incident highlights the added value of Application Control in automatically providing protection by preventing any untrusted software – that is not explicitly permitted by policy that’s been downloaded via the Internet, transferred via a USB stick or installed from a CD/DVD – from having the ability to execute on a user’s PC.
Further, it reminds us that a reduced level of privilege for our users can afford significant risk mitigation in the current malware-ridden environment that exists. Simply put, you are not only limiting the users’ rights, you are potentially limiting the rights of malware that may infect the users’ PC.
A recent study by BeyondTrust found that 92% of critical Microsoft vulnerabilities could have been stopped or mitigated by simply eliminating the practice of giving users “administrator” rights.
The study also found that eliminating admin rights would have stopped or mitigated:
* 94% of Microsoft Office vulnerabilities reported in 2008
* 89% of Internet Explorer vulnerabilities reported in 2008
* 53% of Microsoft Windows vulnerabilities reported in 2008
Be cautious and do not open any PowerPoint files contained within email or downloaded from the Internet unless they were explicitly expected from a known and trusted source.