Microsoft to patch critical PowerPoint zero-day flaw

By Robert Westervelt, News Editor 07 May 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Microsoft plans to issue one critical patch during its monthly patch cycle next week, plugging a critical flaw in its PowerPoint presentation program that is being actively targeted by attackers.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The PowerPoint vulnerability was the only bulletin identified in the Security Bulletin Advance Notification issued today by Microsoft.

Details of the flaw surfaced last month and Microsoft acknowledged that the flaw was being exploited by hackers in the wild in targeted, limited attacks. PowerPoint versions affected by the flaw are Office PowerPoint 2000 Service Pack 3, Office PowerPoint 2002 Service Pack 3, and Office PowerPoint 2003 Service Pack 3.

Recent Microsoft updates: April - Microsoft patches serious Excel zero-day, Windows flaws Microsoft is patching flaws in Excel and WordPad that are reportedly being actively exploited in the wild and could allow an attacker to gain access to sensitive data. March - Microsoft patches critical Windows kernel flaw: A critical flaw in the Windows graphics rendering component could be exploited by an attacker to gain access to sensitive data and take control of a machine.

In a Microsoft Security Advisory issued April 2, the software giant said the flaw could allow remote code execution if a user is tricked into opening a malicious PowerPoint file. The malicious PowerPoint files identified by some security vendors, contain a Trojan dropper embedded within the presentation. The file can be passed via an email message with a malicious PowerPoint attachment or by tricking users to view a malicious website containing a Trojan downloader.

"If a user is logged on with administrative user rights, an attacker could take complete control of the affected system," Microsoft said in its advisory.

Until a patch is released next week, Microsoft has issued guidance, recommending that organizations could temporarily force all PowerPoint files to open in the Microsoft Isolated Conversion Environment (MOICE). Companies that have migrated to the newer XML file format can temporarily disable the binary file format using the FileBlock registry configuration.

As it does every month, Microsoft said it would also update its Windows Malicious Software Removal Tool.

In April, Microsoft issued an update to Excel, blocking two serious remote code execution vulnerabilities, including a zero-day flaw being actively exploited by attackers. The Excel update was part of eight security bulletins issued on April 14, including five rated as critical, as part of its regularly scheduled monthly updates.

Tags: Windows Security: Alerts, Updates and Best Practices,  Securing Productivity Applications,  Security Patch Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Security: Alerts, Updates and Best Practices Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending Attackers target Microsoft IIS; new SMB flaw discovered Microsoft repairs Windows media, TCP/IP vulnerabilities Microsoft five critical updates won't include IIS Securing Productivity Applications How to detect software tampering Adobe fixes 29 flaws in Acrobat, Reader Adobe warns of critical update for Reader, Acrobat 9.1.3 Why should we place data files on a separate partition than the OS? Adobe updates ColdFusion, JRun, Flex Serious Adobe Flash flaw being exploited Adobe acknowledges serious Flash zero-day vulnerability Adobe issues security advisory for Flash zero-day flaw When to use the service features of the Metasploit hacking tool How to manage patches for Adobe Security Patch Management Squad: Tokenization, Phishing and the Feds Should management processes change based on a patch release schedule? Should Windows Mobile updates come from Microsoft? Adobe updates ColdFusion, JRun, Flex Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat How to manage patches for Adobe When is it suitable to remove Java updates?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary