MS Advisory: Beware Unexpected PowerPoint Files

By Ryan Naraine  |  Posted 07-17-2006
In the midst of back-to-back zero-day attacks against select businesses in the Far East, Microsoft on July 17 released a security advisory with a terse message: Do not open or save unexpected Microsoft Office files, even if they come unexpectedly from a trusted source.

The company's advisory comes less than a week after virus hunters discovered that a previously undocumented flaw in Microsoft PowerPoint was being exploited to plant a keystroke logger on infected Windows systems.

Microsoft confirmed that the vulnerability exists in Microsoft PowerPoint 2000, Microsoft PowerPoint 2002 and Microsoft PowerPoint 2003, and said a patch is being developed and tested for release on August 8.

"In order for this attack to be carried out, a user must first open a malicious PowerPoint document attached to an e-mail or otherwise provided to them by an attacker," the Redmond, Wash., software giant said.

There are no pre-patch workarounds in the advisory. Instead, Microsoft said Windows users should avoid opening or saving Office files, especially those that arrive from untrusted sources.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internet's Security IT Hub.

If an Office file—Word, Excel or PowerPoint—arrives unexpectedly from a trusted source, the advice remains the same.

Read the full story on eWEEK.com: MS Advisory: Beware Unexpected PowerPoint Files