Microsoft issued a security advisory Thursday, warning users about a zero-day attack exploiting a critical vulnerability in Microsoft Office PowerPoint that could allow remote hackers to launch arbitrary code on their PCs. Microsoft confirmed in its advisory that exploit code was being used in the wild, but added that so far the flaw appears to be used in "limited and targeted attacks."
The error affects numerous versions of Microsoft Office PowerPoint, including PowerPoint 2000, PowerPoint XP, PowerPoint 2003 and Microsoft Office PowerPoint 2004 for Mac. However, later versions, including Microsoft Office PowerPoint 2007 and Microsoft Office PowerPoint for Mac 2008, are not affected.
Specifically, the vulnerability results from a memory glitch that occurs when parsing a specially crafted PowerPoint file, which then opens the door for remote attackers to launch malicious code. Users can become infected by opening a maliciously crafted PowerPoint attachment in an e-mail, which would subsequently download a Trojan onto their systems. Attackers could also launch an attack after enticing their victims to visit a Web site laden with malicious code, typically with an infected link embedded in e-mail or IM.
Once the vulnerability was exploited, the attacker could run code with the same access privileges as an authenticated user, or take complete control of the affected machine to steal, alter or delete sensitive information.
Microsoft said it was initiating its security incident response procedure and is enlisting the help of other security partners to remedy the error with a fix that could be included in a regular monthly update bundle or an out-of-band patch.
However, while no security updates have been released, there are some mitigating measures users can take to protect themselves from an exploit. Microsoft warns that users should not open or save Office files received from unfamiliar sources. Suggested workarounds also include using Microsoft Office Isolated Conversion Environment when opening files from unknown or untrusted sources, as well as using the File Block policy to impede opening of Office 2003 and earlier documents.