Microsoft warns of PowerPoint attack found in the wild

Microsoft this evening issued Microsoft Security Advisory (969136) which warns of an attack using malicious PowerPoint files that could allow an attacker to remotely execute code. Microsoft has not yet created a patch for the attack, although it is investigating doing so. Although Microsoft says that it has seen a small number of successful attacks in the wild, there are a number of mitigating factors that reduce the risk. These include the fact that the attacker relies on users opening up the malicious PowerPoint presentation either via an e-mail or on the Web. In a Web attack, the bad guy must trick the user into visiting an evil Web site, and then trick the person into opening the PowerPoint.

In addition, Microsoft says that the vulnerability cannot be exploited automatically through e-mail. A user must open an attachment.

Visit the Microsoft Subnet web site for more news, blogs, podcasts. Subscribe to all Microsoft Subnet bloggers. Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.) Microsoft's voice at VoiceCon is not on the show floorApril giveaways galore: Microsoft UC and Office 2007 books, free training from Global KnowledgeRogue SharePoint sites pose security menaceMicrosoft's Linux distroServer Core 2008 – SQL Server not supported Follow Microsoft Subnet on Twitter
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.