Hackers attack via zero-day PowerPoint vulnerability

Microsoft has issued a warning about an unpatched security hole in PowerPoint that is being exploited by hackers. The attacks rely upon hackers creating a specially crafted, booby-trapped PowerPoint file that, when opened on the victim’s computer, runs malicious code without permission.

The good news is that the latest versions of PowerPoint (Microsoft Office PowerPoint 2007 and Microsoft Office for Mac 2008) are not affected by this critical security flaw. However, if you are running Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3, Microsoft Office PowerPoint 2003 Service Pack 3, or Microsoft Office 2004 for Mac in your company, then you could be at risk.

Once a PC has been infected by a backdoor Trojan, hackers can gain access to the computer to steal information, to plant further malicious software, or to launch spam and/or denial-of-service attacks. Sophos has seen a number of samples of malware exploiting the vulnerability, and will shortly be releasing protection against them as Troj/ExpPPT-A. You can read more about our assessment of the vulnerability in our analysis.

We’ll have to wait and see whether Microsoft can get a fix for this vulnerability into its next scheduled bundle of security patches (due Tuesday 14 April) or earlier. As always, it’s important that patches are not rushed out without proper testing, and the guys at Microsoft will be keen to ensure that they have fixed this vulnerability properly without introducing other problems.

In the past we’ve seen instances of Chinese hackers crafting malicious PowerPoint files and sending them to specific targets in an attempt to install malware and steal information from their victims.