Microsoft announced a problem with PowerPoint late Friday, related to a series of public reports about a new vulnerability affecting the Office application. According to the advisory, the flaw discovered in PowerPoint is being exploited in the wild on a limited scale. The good news is that this PowerPoint flaw has nothing to do with Conficker.
The advisory from Redmond says that the payload served by the rogue PowerPoint files will download other malicious applications, including keyloggers, rootkits, and bot-related malware.
The PowerPoint vulnerability affects Office 2000, Office XP, Office 2003, and Office versions for Macintosh. However, Office 2007 is not affected. According to Microsoft, exploitation of the flaw leads to code execution. So while the likelihood of attack is low, the impact of a successful targeted attack is critical.
“The Malware samples we have seen exploiting this vulnerability are the first reliable exploits we have seen in the wild that infect Office 2003 SP3 with the latest security updates. Office 2003 SP3 (released Sept 2007) had a good run being safe from the bad guys but we missed this bug while back-porting fixes found in the Office 12 fuzzing effort to Office 2003 SP3,” said Bruce Dang and Jonathan Ness, in a blog post on the SRD website.
As with the previous Office advisory, which related to Excel, the protection and mitigation advice for this new flaw is the same. Use caution when accessing PowerPoint files online and never open PPT files sent at random over email. In addition, the malware downloaded is of the common variety, so updated antivirus protections will help protect your system too.
Another mitigation technique is to limit the use of Administrator accounts in Windows environments. While this tip is aimed mostly at IT departments, home users should avoid using Administrator accounts as well.
“Simply put, you are not only limiting the users’ rights, you are potentially limiting the rights of malware that may infect the users’ PC,” commented Paul Henry on the Lumension Blog. Henry also pointed to a report from BeyondTrust, which looked at the patches issued by Microsoft in 2008 and drew some interesting conclusions about access levels.
“An examination of all vulnerabilities documented by Microsoft in Security Bulletins issued in 2008 reveals that configuring users to operate without administrator rights enables organizations to mitigate the effects of 92% of Critical Microsoft vulnerabilities,” noted the report.
“Furthermore, by removing administrator rights companies will harden their endpoint security against the exploitation of 94% of Microsoft Office, 89% of Internet Explorer, and 53% of Microsoft Windows vulnerabilities. Of the total published vulnerabilities, 69% are mitigated by removing administrator rights.”
The BeyondTrust report, previously covered on The Tech Herald, is here. The Microsoft advisory related to the PowerPoint vulnerability is here.
The Tech Herald: New Excel vulnerability discovered – the risk is low, so don’t panic (UPDATE)
The Tech Herald: Microsoft patches critical Kernel flaw but not Excel vulnerability