Microsoft issues PowerPoint zero-day warning

Microsoft has issued an advisory to warn about an under-attack zero-day vulnerability affecting its PowerPoint software.

According to the pre-patch advisory, the flaw allows remote code execution if a user opens a booby-trapped PowerPoint file. The company described the attacks as "limited and targeted."

Affected software:

Microsoft Office PowerPoint 2000 Service Pack 3
Microsoft Office PowerPoint 2002 Service Pack 3
Microsoft Office PowerPoint 2003 Service Pack 3
Microsoft Office 2004 for Mac

In the absence of a fix, Microsoft recommends the following workarounds:

• Do not open or save Office files that you receive from un-trusted sources or that are received unexpectedly from trusted sources.
• Do not open or save Office files that you receive from un-trusted sources or that are received unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a file.
• Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or untrusted sources.
  • The Microsoft Office Isolated Conversion Environment (MOICE) will protect Office 2003 installations by more securely opening Word, Excel, and PowerPoint binary format files.
• Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.

Commenting on this Article is closed.