MS Advisory: Beware Unexpected PowerPoint FilesBy Ryan Naraine | Posted 2006-07-17 Email Print
In the midst of a third zero-day attack against select businesses in the Far East, Microsoft warns: Do not open or save unexpected Microsoft Office files, even if they come from a trusted source.In the midst of back-to-back zero-day attacks against select businesses in the Far East, Microsoft on July 17 released a security advisory with a terse message: Do not open or save unexpected Microsoft Office files, even if they come unexpectedly from a trusted source.
The company's advisory comes less than a week after virus hunters discovered that a previously undocumented flaw in Microsoft PowerPoint was being exploited to plant a keystroke logger on infected Windows systems.
Microsoft confirmed that the vulnerability exists in Microsoft PowerPoint 2000, Microsoft PowerPoint 2002 and Microsoft PowerPoint 2003, and said a patch is being developed and tested for release on August 8.
"In order for this attack to be carried out, a user must first open a malicious PowerPoint document attached to an e-mail or otherwise provided to them by an attacker," the Redmond, Wash., software giant said.
There are no pre-patch workarounds in the advisory. Instead, Microsoft said Windows users should avoid opening or saving Office files, especially those that arrive from untrusted sources.
If an Office fileWord, Excel or PowerPointarrives unexpectedly from a trusted source, the advice remains the same.
Read the full story on eWEEK.com: MS Advisory: Beware Unexpected PowerPoint Files