July 13, 2006 3:24 PM PDT

New PowerPoint hole used in cyberattacks

Deja vu? Only a day after Microsoft's monthly patch day, a new security hole in Microsoft Office is being exploited in cyberattacks.

These attacks take advantage of a previously unknown vulnerability in PowerPoint for which no patch is available, security experts at Symantec said in an alert issued Wednesday. The flaw might affect Microsoft Office in general, according to the alert.

Microsoft is investigating the issue, it said in an e-mailed statement Thursday. The company is aware of attacks that exploit the flaw, but those are "extremely limited, targeted attacks," it said. For an attack to be successful, users must open a malicious PowerPoint file provided to them, for example via e-mail, Microsoft noted.

It seems like history is repeating itself. Days after last month's "Patch Tuesday," security experts raised the alarm on a "zero-day" flaw in Microsoft's Excel that was being used in targeted attacks. Microsoft released a fix for the Excel vulnerability on Tuesday.

Like the Excel flaw, the PowerPoint vulnerability can allow an attacker to gain complete control over a vulnerable PC, Symantec said. "When a user launches the (malicious) PowerPoint document, the vulnerability is triggered. Successful exploitation of this issue leads to remote code execution," Symantec said in its alert.

On Tuesday, Microsoft released seven security bulletins with fixes for 18 vulnerabilities in several of its products, including many in Office. Some security experts believe the timing of an attack right after a monthly patch day is no coincidence. Microsoft typically does not release fixes outside of its monthly patching cycle for such flaws.

"It looks like the bad guys are waiting for the Microsoft patch days in order to use some more vulnerabilities in Office," said Andreas Marx, an antivirus software specialist at the University of Magdeburg in Germany. "They will now have at least one more month for their attacks."

Microsoft said it will take action to protect customers upon completion of its investigation into the new flaw. This may include issuing a security advisory or providing a security update through its monthly release process, the company said.

Meanwhile, the software giant left two already known security vulnerabilities unfixed on Tuesday. One of the flaws lies in a Windows component called "hlink.dll" and could be exploited by crafting a malicious Excel file. Another affects Japanese, Korean and Chinese language versions of Excel. Both flaws could completely compromise a PC if a targeted user opens a malicious file.

Although Microsoft was aware of the two vulnerabilities prior to the July security bulletin release, both issues were reported too late in the engineering process for the company to include security updates with the July release, a Microsoft spokesman said.

Proof of concept code that exploits both flaws has been released publicly for both of these flaws, but there are no reports of active attacks, Microsoft said.

"So we have two old unpatched holes and one new one," Marx said. "We're up to three troublemakers now. Excel and PowerPoint can be quite dangerous, at least until the next patch day."

See more CNET content tagged:
flaw, cyberattack, Microsoft PowerPoint, security expert, vulnerability


Join the conversation!
Add your comment
Easy Patch: Install OpenOffice.
Just go to openoffice.org and download the FREE OpenOffice suite. It's fully compatible with MS Office with the exception of MS Script/Macros. And set OpenOffice as default application to open Excel, Word and PowerPoint files. No Exploit.
Posted by kamwmail-cnet1 (292 comments )
Reply Link Flag
Easier Patch....Just say NO to any M$ product
Until the multitude of lemmings out there stop giving their hard
earned $ to the crooks in Redmond, they will keep pumping out

While Office for the Mac is a great product in terms of productivity,
it remains the most dangerous thing on my PowerBook. And, the
Mac version of office is infinitely better than the Windoze version.
Hats off to M$'s Mac Business Unit!
Posted by Dr Dude (49 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.