Microsoft issues PowerPoint zero-day warning

Microsoft has issued an advisory to warn about an under-attack zero-day vulnerability affecting its PowerPoint software.
According to the pre-patch advisory, the flaw allows remote code execution if a user opens a booby-trapped PowerPoint file. The company described the attacks as “limited and targeted.”

Microsoft has issued an advisory to warn about an under-attack zero-day vulnerability affecting its PowerPoint software.

According to the pre-patch advisory, the flaw allows remote code execution if a user opens a booby-trapped PowerPoint file. The company described the attacks as “limited and targeted.”

Affected software:

Microsoft Office PowerPoint 2000 Service Pack 3
Microsoft Office PowerPoint 2002 Service Pack 3
Microsoft Office PowerPoint 2003 Service Pack 3
Microsoft Office 2004 for Mac

In the absence of a fix, Microsoft recommends the following workarounds:

  • Do not open or save Office files that you receive from un-trusted sources or that are received unexpectedly from trusted sources.
  • Do not open or save Office files that you receive from un-trusted sources or that are received unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a file.
  • Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or untrusted sources.
    • The Microsoft Office Isolated Conversion Environment (MOICE) will protect Office 2003 installations by more securely opening Word, Excel, and PowerPoint binary format files.
  • Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.