Users hit by zero day PowerPoint attacks

News

Users hit by zero day PowerPoint attacks

Antony Savvas

Microsoft is considering issuing a security patch to fix a vulnerability in its PowerPoint presentation software.

The flaw allows remote attackers to run arbitrary code on the affected user’s machine. It is spread by malicious e-mails containing a rogue PowerPoint attachment.

Microsoft said it is investigating reports of limited “zero-day” attacks using a vulnerability in Microsoft PowerPoint 2000, Microsoft PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft PowerPoint 2004 for Mac, and Microsoft PowerPoint v. X for Mac.

A zero day attack uses exploit code which has not been patched against by the software supplier, and when attacks take place before warnings can be made to users.

Microsoft said, “As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability.”

Microsoft said it would consider issuing another patch ahead of its monthly scheduled security patching date, on 10 October.

Earlier this week, the company broke form its monthly patching cycle and issued a fix to plug a security hole in Internet Explorer.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy