Zero-Day PowerPoint Vulnerability Spawns Trojan Attacks
Rigged PowerPoint files are being used to exploit an unpatched vulnerability in Microsoft’s presentation software, according to warning late Thursday from Microsoft who has confirmed that hackers are using the flaw to assault vulnerable systems.
The attacks rely on tricking prospective marks into opening a maliciously crafted PowerPoint file, either hosted on a website or sent via email. In both scenarios users would have to open a booby-trapped PowerPoint designed to exploit the vulnerability.
In a statement published on Thursday, Microsoft said it was “aware only of limited and targeted attacks that attempt to use this vulnerability”.
Net security firm McAfee said it has “discovered multiple attacks in the field using the PowerPoint exploit” to install Trojans onto vulnerable systems. Hackers have crafted these exploits in an attempt to disguise malign actions, it adds. “Some of these specially crafted exploits arrived as PowerPoint Showfiles with the ‘.pps’ extension,” McAfee reports. “Such files typically open in full screen mode and hide the applications running on the desktop, such as system monitoring tools that could give any clue to the dodgy installation of Trojans to the victim.”
Affected software packages include fully patched versions of Microsoft Office PowerPoint 2000, PowerPoint 2002, PowerPoint 2003 and Microsoft Office 2004 for Mac. Other versions including Microsoft Office PowerPoint 2007 and Microsoft Office 2008 for Mac are in the clear.
Microsoft said it was investigating the problem, something that normally results in a patch. The next scheduled Patch Tuesday falls on 14 April, but the necessary update may or may not be ready in time. Microsoft has to find time to develop and test a patch, the particular technical difficulty of which remains unclear and perhaps unknowable outside Redmond.
Microsoft holds back details of flaws until patches become available and has activated its security incident response process, which includes collaboration with anti-malware partners and internal efforts to identify the buggy portions of the code. Once the process is complete, the company will issue a bulletin with patches.
In the meantime, Microsoft recommends that Office users avoid opening or saving files, even from trusted sources because those could be spoofed. PowerPoint users should consider implementing MOICE (http://support.microsoft.com/kb/935865), a tool that uses the 2007 Microsoft Office system converters to convert the Office binary format files into the Office Open XML format.
An unpatched Excel flaw, which is also the subject of targeted attacks since late February, failed to appear in Microsoft’s March patch batch.
Credit: The Register
More on CyberInsecure:
Posts
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.