On GameSpot: Obey the Assassin's Creed
BNET Business Network:
BNET
TechRepublic
ZDNet

April 2nd, 2009

Attackers pounce on Microsoft PowerPoint zero-day

Posted by Ryan Naraine @ 5:03 pm

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Locally Running Web Servers, Malware, Microsoft, Patch Watch, Pen testing, Phishing, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Attacker, Microsoft PowerPoint, Microsoft Corp., Microsoft Office, Office Suites, Software, Ryan Naraine

Attackers are using rigged PowerPoint files to exploit an unpatched vulnerability in Microsoft’s presentation software, according to warning late Thursday from the software maker.

In a pre-patch advisory, Microsoft described the attacks as “limited and targeted,” the kind of language that suggests it is being used to steal data from corporate or government networks.  The malware associated with the attack is a Trojan dropper embedded within an exploit in .ppt or .pps data files.

According to the advisory, the vulnerability allows remote code execution if a user opens a booby-trapped PowerPoint file.

The newest Microsoft Office PowerPoint 2007 and Microsoft Office for Mac 2008 are not affected.

Affected software:

  • Microsoft Office PowerPoint 2000 Service Pack 3
    Microsoft Office PowerPoint 2002 Service Pack 3
    Microsoft Office PowerPoint 2003 Service Pack 3
    Microsoft Office 2004 for Mac

[ SEE: New MS tool isolates Office 2003 zero-day exploits ]

Microsoft has activated its security incident response process, which includes collaboration with anti-malware partners and internal efforts to identify the buggy portions of the code.  Once the process is complete, the company will issue a bulletin with patches but this could take several months.

In the meantime, Microsoft recommends that Office users avoid opening or saving files, even from trusted sources because those could be spoofed.

[ SEE: MS Word exploit generator circulating? ]

If PowerPoint usage is heavy in your business, you should consider implementing MOICE, a tool that uses the 2007 Microsoft Office system converters to convert the Office binary format files into the Office Open XML format.

IT admins could also use the Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.

More at Techmeme and Threatpost.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 55 Talkback(s)
I gave up on art and music
Power Point is really cool but when the terrorist hackers attack something it gets wrecked beyond use.... (Read the rest)
Posted by: BALTHOR Posted on: 05/07/09 You are currently: a Guest | | Terms of Use
Vulnerability patch cycle unacceptable  Alan Smithie | 04/03/09
The newest Microsoft Office PowerPoint 2007 is NOT affected  qmlscycrajg | 04/03/09
Patch cycle was the result of customer feedback.  ye | 04/03/09
CAT5 Rating  Alan Smithie | 04/03/09
Yep . . . grandmas knew something.  sporkfighter | 04/06/09
stupid users and companies always complain  qmlscycrajg | 04/03/09
So true. (nt)  ye | 04/03/09
Companies want...  zkiwi | 04/05/09
Not the monthly cycle...  pico_D | 04/07/09
Right  AzuMao | 04/07/09
It depends...  pico_D | 04/08/09
I understand it's a lot of work  AzuMao | 04/08/09
RE: I understand... (AzuMao)  pico_D | 04/09/09
I was just referring to the testing when I guessed a day  AzuMao | 04/09/09
Move along  Loverock Davidson | 04/03/09
Yep, Another Loser Post From The Loverock Loser  itanalyst2@... | 04/03/09
Helllllooooooooo  Alan Smithie | 04/03/09
Why am I not surprised?  sporkfighter | 04/06/09
Past the support date.  mjolnar@... | 04/06/09
Re: The newest Microsoft Office PowerPoint 2007 is not affected  wolftalamasca | 04/03/09
Much cheaper way  Alan Smithie | 04/03/09
Well said.  AzuMao | 04/06/09
Office 2003 prudct support ends on the15th.  No_Ax_to_Grind | 04/03/09
Quite aware of the product support dates  wolftalamasca | 04/05/09
My car is 22 years old . . .  sporkfighter | 04/06/09
I just hope they actually fix this  jbroche18 | 04/09/09
yet another reason to use Vista  qmlscycrajg | 04/03/09
Yet another reason to AVOID Microsoft altogether  maggietoo9 | 04/05/09
Can't wait to see how the usual suspects spin this one  whisperycat | 04/03/09
Agreed.  GuidingLight | 04/03/09
Except for the whole  AzuMao | 04/06/09
Becoming?  914four | 04/08/09
Stupid advice.  ye | 04/03/09
Not practical, but not stupid either  Ryan NaraineZDNet Moderator | 04/03/09
Good excuse to delete  Alan Smithie | 04/03/09
It's not practical hence why I said it was stupid.  ye | 04/03/09
Yes but...  914four | 04/08/09
What about the power point viewer?  wkulecz | 04/03/09
Perhaps Try Open Office Presentation?  baumgrenze | 04/06/09
Yes.  AzuMao | 04/06/09
Moral of the story  whisperycat | 04/03/09
Not only that...  TranMan | 04/06/09
But..  AzuMao | 04/06/09
RE: Attackers pounce on Microsoft PowerPoint zero-day  eiverson@... | 04/03/09
Incompetent admins blame their end users  ThePrairiePrankster | 04/03/09
RE: Attackers pounce on Microsoft PowerPoint zero-day  NerdHerd007 | 04/06/09
Users can switch to OpenOffice.Org for security  darkonc | 04/06/09
Wait...  nix_hed | 04/06/09
Oh man...  readwryt@... | 04/06/09
falacy of Borg:  pgit | 04/06/09
more meaningless crap  dgurney | 04/06/09
RE: Attackers pounce on Microsoft PowerPoint zero-day  JOHN_TUOHY | 04/07/09
RE: Attackers pounce on Microsoft PowerPoint zero-day  JelMin | 04/07/09
If they allowed innovation like that  AzuMao | 04/08/09
I gave up on art and music  BALTHOR | 05/07/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Essential Topics Click Here

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

  • Smart Tech Expert advice on innovations in healthcare and the green technologies that make it happen. Find out more
  • Smart Business Discussion and advice on management issues that revolve around making your world smarter and more useful. More Smart Advice
  • Smart People The best and worst moves in the management and strategy trenches. Learn More