Microsoft plans PowerPoint zero-day patch

By Bill Brenner, Senior News Writer
18 Jul 2006 | SearchSecurity.com

Security Wire Daily News

Microsoft has determined that the recently discovered Microsoft PowerPoint flaws are serious enough to merit a fix in time for the next "Patch Tuesday," if not sooner.

The software giant released an advisory Monday confirming the existence of a zero-day flaw affecting PowerPoint 2000, 2002 and 2003, which attackers have actively exploited since last week.

"Microsoft is completing development of a security update for Microsoft PowerPoint that addresses this vulnerability," the software giant said. "The security update is now being finalized through testing to ensure quality and application compatibility and is on schedule to be released as part of the August security updates on Aug. 8, 2006, or sooner as warranted."

The exploit arrives by email as a Microsoft PowerPoint document attachment, Cupertino, Calif.-based antivirus giant Symantec Corp. warned last week in an advisory sent to customers of its DeepSight Threat Management System. When an end-user opens the PowerPoint document, the vulnerability is triggered and attackers are then able to run malicious code on a victim's machine.

"The vulnerability occurs when PowerPoint handles a specially malformed .ppt file, most likely exploiting an issue in the 'MSO.DLL' library file," Symantec said, adding that the flaw was being targeted by malicious code identified as Trojan.PPDropper-B.

The zero-day flaw came to light within a couple of days of Microsoft's July patch update, which fixed eight different holes in Microsoft Excel as well as additional flaws in Microsoft Office. Soon after, security holes were also found in PowerPoint.

Danish vulnerability clearinghouse Secunia issued an advisory Tuesday warning of a new PowerPoint flaw in addition to the previously reported flaws.

"The vulnerability is caused due to the application using data taken directly from a PowerPoint presentation file as a pointer when saving or closing the presentation," Secunia said. "This can be exploited to corrupt memory and manipulate the program flow in various ways."

The firm said successful exploitation crashes the application and potentially lets an attacker launch malicious code, though the latter hasn't been proven. Secunia confirmed the flaw on a fully patched Windows XP SP2 machine running Microsoft PowerPoint 2003.

Until it issues a security bulletin, Microsoft's advice is that users not open or save Microsoft Office files that come from untrusted sources or are received unexpectedly from trusted sources.
