Microsoft has released a security advisory for a vulnerability in some versions of PowerPoint, which has been exploited in the wild.
PowerPoint versions 2000, 2002, and 2003 are all vulnerable to attack by opening a malicious PPT file that exploits the vulnerability. Microsoft says that "limited and targeted attacks" have been seen in the wild. Office 2004 for Mac is also technically vulnerable, but an attack for it would have to be custom-written for the Mac.
As with many attacks in the past, the older Office file formats are at issue here, not the new ones. In fact, one mitigation users may take is to use MOICE (the Microsoft Office Isolated Conversion Environment), an add-on for earlier versions of Office that automatically converts old file formats into the new ones and uses them in that form. But the main advice is that not open files from untrusted sources.
If you think you may have been affected, which is unlikely because when Microsoft uses the term "limited and targeted attacks" it usually means that one or two attacks have been observes, you can scan your system with Microsoft's Windows Live OneCare safety scanner. The malicious PPT files are detected as Exploit:Win32/Apptom.gen.
No comments:
Post a Comment