Zero-day PowerPoint vuln confirmed

April 6, 2009 // 2:38 p.m.

Tags: #exploit #fileblock #in-the-wild #microsoft #moice #office #powerpoint #remote-code-execution #vuln #vulnerability

Microsoft has coughed to a new zero-day vulnerability in its PowerPoint application which can allow remote code execution should an infected file be opened.

As reported over on BetaNews, the vulnerability – which has been confirmed by Microsoft and is detailed in the company's security advisory number 969136 – allows an attacker to execute code as the user account currently running PowerPoint. If you're running as an administrative account – as was the default in Windows XP and earlier – then said attacker has complete control over your system.

Microsoft is quick to play down the seriousness of the issue, stating that it is “aware only of limited and targeted attacks that attempt to use this vulnerability,” and points out the requirement for user interaction – the opening of the affected PowerPoint file.

A post on Microsoft's Security Research & Defense [sic] blog offers up a few more details regarding the issue: the flaw is being exploited in the wild, and there is no official patch. However, the team offer some advice on mitigating the risk – aside from only opening PowerPoint files from trusted sources: use the new XML file format in PowerPoint 2007 which is unaffected by the flaw; block older binary format files using FileBlock; and force all legacy format files to open in the Microsoft Isolated Conversion Environment.

Microsoft has yet to reveal whether a patch will be forthcoming as part of the regular Patch Tuesday release cycle, or if the situation is serious enough to warrant an out-of-cycle update.

Is this latest security flaw enough to convince you to switch to [eurl=OpenOffice.org[/eurl], or are you confident that Microsoft will have the issue fixed before it becomes a common attack? Share your thoughts over in the forums.

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU