Microsoft plans to issue one critical patch during its monthly patch cycle next week, plugging a critical flaw...
in its PowerPoint presentation program that is being actively targeted by attackers.
The PowerPoint vulnerability was the only bulletin identified in the Security Bulletin Advance Notification issued today by Microsoft.
Details of the flaw surfaced last month and Microsoft acknowledged that the flaw was being exploited by hackers in the wild in targeted, limited attacks. PowerPoint versions affected by the flaw are Office PowerPoint 2000 Service Pack 3, Office PowerPoint 2002 Service Pack 3, and Office PowerPoint 2003 Service Pack 3.
In a Microsoft Security Advisory issued April 2, the software giant said the flaw could allow remote code execution if a user is tricked into opening a malicious PowerPoint file. The malicious PowerPoint files identified by some security vendors, contain a Trojan dropper embedded within the presentation. The file can be passed via an email message with a malicious PowerPoint attachment or by tricking users to view a malicious website containing a Trojan downloader.
"If a user is logged on with administrative user rights, an attacker could take complete control of the affected system," Microsoft said in its advisory.
Until a patch is released next week, Microsoft has issued guidance, recommending that organizations could temporarily force all PowerPoint files to open in the Microsoft Isolated Conversion Environment (MOICE). Companies that have migrated to the newer XML file format can temporarily disable the binary file format using the FileBlock registry configuration.
As it does every month, Microsoft said it would also update its Windows Malicious Software Removal Tool.
In April, Microsoft issued an update to Excel, blocking two serious remote code execution vulnerabilities, including a zero-day flaw being actively exploited by attackers. The Excel update was part of eight security bulletins issued on April 14, including five rated as critical, as part of its regularly scheduled monthly updates.