Microsoft has coughed to a new zero-day vulnerability in its PowerPoint application which can allow remote code execution should an infected file be opened.
As reported over on BetaNews, the vulnerability – which has been confirmed by Microsoft and is detailed in the company's security advisory number 969136 – allows an attacker to execute code as the user account currently running PowerPoint. If you're running as an administrative account – as was the default in Windows XP and earlier – then said attacker has complete control over your system.
Microsoft is quick to play down the seriousness of the issue, stating that it is “aware only of limited and targeted attacks that attempt to use this vulnerability,” and points out the requirement for user interaction – the opening of the affected PowerPoint file.
A post on Microsoft's Security Research & Defense [sic] blog offers up a few more details regarding the issue: the flaw is being exploited in the wild, and there is no official patch. However, the team offer some advice on mitigating the risk – aside from only opening PowerPoint files from trusted sources: use the new XML file format in PowerPoint 2007, which is unaffected by the flaw; block older binary format files using FileBlock; and force all legacy format files to open in the Microsoft Isolated Conversion Environment.
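The FileBlock mitigation mentioned above is a per-user registry policy. The following PowerShell script is an added example written for this article, not code from Microsoft or the advisory; it applies the "block binary PowerPoint files" setting and reads it back so you can confirm it took effect. The registry paths and the `BinaryFiles` value name are the ones used by Office 2003 and Office 2007 File Block as I recall them from Microsoft's documentation of the time; treat them as an assumption and check them against advisory 969136 before rolling this out, and note that the setting blocks legitimate .ppt/.pps/.pot files too, so a rollback function is included.

```powershell
# Added example: enable/disable Office File Block for legacy binary PowerPoint files.
# Paths below are assumed from Microsoft's File Block documentation (Office 2003 = 11.0,
# Office 2007 = 12.0 under the Policies hive); verify against advisory 969136.
$FileBlockKeys = @(
    'HKCU:\Software\Microsoft\Office\11.0\PowerPoint\Security\FileOpenBlock',          # Office 2003
    'HKCU:\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock'  # Office 2007
)

function Enable-PowerPointBinaryFileBlock {
    # Sets BinaryFiles=1 under each File Block key, creating the key if it is absent.
    foreach ($key in $FileBlockKeys) {
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        Set-ItemProperty -Path $key -Name 'BinaryFiles' -Value 1 -Type DWord
    }
}

function Disable-PowerPointBinaryFileBlock {
    # Rollback: removes the BinaryFiles value so legacy .ppt/.pps/.pot files open again.
    foreach ($key in $FileBlockKeys) {
        if (Test-Path $key) {
            Remove-ItemProperty -Path $key -Name 'BinaryFiles' -ErrorAction SilentlyContinue
        }
    }
}

function Get-PowerPointBinaryFileBlockState {
    # Reads the current setting back for each key; returns one object per key so the
    # result can be logged or compared across machines.
    foreach ($key in $FileBlockKeys) {
        $value = $null
        if (Test-Path $key) {
            $value = (Get-ItemProperty -Path $key -Name 'BinaryFiles' -ErrorAction SilentlyContinue).BinaryFiles
        }
        [PSCustomObject]@{
            Key     = $key
            Blocked = ($value -eq 1)
        }
    }
}

# Usage: apply the mitigation, then confirm both keys report Blocked = True.
Enable-PowerPointBinaryFileBlock
Get-PowerPointBinaryFileBlockState | Format-Table -AutoSize
```

Because the keys live under HKCU, the setting only protects the user profile it is written to; for a fleet you would push the same values via Group Policy rather than running this per machine.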
Microsoft has yet to reveal whether a patch will be forthcoming as part of the regular Patch Tuesday release cycle, or if the situation is serious enough to warrant an out-of-cycle update.
Is this latest security flaw enough to convince you to switch to OpenOffice.org, or are you confident that Microsoft will have the issue fixed before it becomes a common attack? Share your thoughts over in the forums.