Microsoft is considering issuing a security patch to fix a vulnerability in its PowerPoint presentation software.
The flaw allows remote attackers to run arbitrary code on the affected user’s machine. It is spread by malicious e-mails containing a rogue PowerPoint attachment.
Microsoft said it is investigating reports of limited “zero-day” attacks using a vulnerability in Microsoft PowerPoint 2000, Microsoft PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft PowerPoint 2004 for Mac, and Microsoft PowerPoint v. X for Mac.
A zero day attack uses exploit code which has not been patched against by the software supplier, and when attacks take place before warnings can be made to users.
Microsoft said, “As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability.”
Microsoft said it would consider issuing another patch ahead of its monthly scheduled security patching date, on 10 October.
Earlier this week, the company broke form its monthly patching cycle and issued a fix to plug a security hole in Internet Explorer.