Microsoft plans PowerPoint zero-day patch

By Bill Brenner, Senior News Writer 18 Jul 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Microsoft has determined that the recently discovered Microsoft PowerPoint flaws are serious enough to merit a fix in time for the next "Patch Tuesday," if not sooner.

The software giant released an advisory Monday confirming the existence of a zero-day flaw affecting PowerPoint 2000, 2002 and 2003, which attackers have actively exploited since last week.

"Microsoft is completing development of a security update for Microsoft PowerPoint that addresses this vulnerability," the software giant said. "The security update is now being finalized through testing to ensure quality and application compatibility and is on schedule to be released as part of the August security updates on Aug. 8, 2006, or sooner as warranted."

The exploit arrives by email as a Microsoft PowerPoint document attachment, Cupertino, Calif.-based antivirus giant Symantec Corp. warned last week in an advisory sent to customers of its DeepSight Threat Management System. When an end-user opens the PowerPoint document, the vulnerability is triggered and attackers are then able to run malicious code on a victim's machine.

"The vulnerability occurs when PowerPoint handles a specially malformed .ppt file, most likely exploiting an issue in the 'MSO.DLL' library file," Symantec said, adding that the flaw was being targeted by malicious code identified as Trojan.PPDropper-B.

The zero-day flaw came to light within a couple days of Microsoft's July patch update, which fixed eight different holes in Microsoft Excel as well as additional flaws in Microsoft Office. Soon after security holes were also found in PowerPoint.

Danish vulnerability clearinghouse Secunia issued an advisory Tuesday warning of a new PowerPoint flaw in addition to the previously reported flaws.

"The vulnerability is caused due to the application using data taken directly from a PowerPoint presentation file as a pointer when saving or closing the presentation," Secunia said. "This can be exploited to corrupt memory and manipulate the program flow in various ways."

The firm said successful exploitation crashes the application and potentially lets an attacker launch malicious code, though the latter hasn't been proven. Secunia confirmed the flaw on a fully patched Windows XP SP2 machine running Microsoft PowerPoint 2003.

Until it issues a security bulletin, Microsoft's advice is that users not open or save Microsoft Office files that come from untrusted sources or are received unexpectedly from trusted sources.

Tags: Securing Productivity Applications,  Malware, Viruses, Trojans and Spyware,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Securing Productivity Applications Adobe fixes critical Shockwave Flash Player flaw Adobe issues first quarterly patch release fixing 13 flaws Adobe shifts to Microsoft patching process, incident response plan Balancing security and performance: Protecting layer 7 on the network Software Piracy pandemic needs government role, better vendor antipiracy plans McAfee to acquire Solidcore Systems for whitelisting Adobe issues Reader update fixing zero-day flaw Microsoft to patch critical PowerPoint zero-day flaw PCI DSS: Best practices for compliance Adobe working on patch to correct new zero-day flaw Malware, Viruses, Trojans and Spyware How to get rid of malware, botnets on a hospital IT network Should a national cybersecurity strategy include offensive botnets? How to prevent mobile phone spying How can search results lead to malware? How to defend against rogue DHCP server malware New Trojan stealing FTP credentials, attacking FTP websites Cybercriminals exploit Michael Jackson, Farrah Fawcett deaths When BIOS updates become malware attacks Antispyware buying guide for Indian enterprises PCI compliance requirement 5: Antivirus

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary sheepdip  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary