Microsoft released a solitary security update for its monthly Patch Tuesday report, repairing at least 14 critical vulnerabilities in Microsoft Office PowerPoint that allowed remote hackers to execute malicious code on users' computers to infect systems and steal data.
Microsoft first issued the security advisory in April, warning users about a zero day attack exploiting the critical PowerPoint flaw. Although the error has been exploited in the wild, Microsoft maintained in its advisory that the exploit appeared to be used in "limited and targeted attacks."
The error affects numerous versions of Microsoft Office PowerPoint, including PowerPoint 2000, PowerPoint XP, PowerPoint 2003 and Microsoft Office PowerPoint 2004 for Mac. However, vulnerabilities in later versions of the application, including Microsoft Office PowerPoint 2007 and Microsoft Office for Mac 2008, were given the less severe ranking of "important."
Specifically, the bug stems from a memory glitch that occurs when parsing a specially crafted PowerPoint file, which subsequently enables remote hackers to launch malicious code stealthily onto users' PCs.
Users can become infected by opening a maliciously crafted PowerPoint attachment in an e-mail that would immediately download a Trojan onto their systems. Users also could become infected by clicking on an embedded link sent via e-mail or IM, redirecting them to a Web site infused with malicious code.
Once users became infected, the attacker could run code with the same access privileges as an authenticated user, or take complete control of the affected machine to steal, alter or delete sensitive data.
"It will allow code to run on the person's machine under the context of their user account," said Eric Schultze, chief technology officer for Shavlik Technologies. "It could do anything, deleting files, stealing credit card numbers ... basically anything it wants."
Schultze said that May's security update was slightly unusual due to the speed with which Microsoft created a repair. Microsoft first alerted the public to the critical PowerPoint flaw April 3.
"They did jump on this one pretty quickly, which is in everyone's best interest," Schultze said. "There's a two- to three-week testing period, which means they only had two to three weeks to build the entire patch."
Security experts recommend that users immediately apply the PowerPoint patch to prevent their systems from becoming infected remotely. Suggested workarounds also include using Microsoft Office Isolated Conversion Environment when opening files from unknown sources, as well as using the File Block policy to impede Office 2003 and earlier documents from being opened.
Additionally, security experts recommend that users avoid opening or saving unsolicited Office files received from unknown sources.
"Don't open a PowerPoint document from someone you don't know," Schultze said. "Or better yet, just install the patch and go about your business."
