Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

New Zero-Day PowerPoint Exploit


  • Please log in to reply

#1
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
A new zero-day exploit was disclosed over the weekend for an unpatched flaw in Microsoft's PowerPoint software, which could allow for an attacker to take complete control of an affected system and run arbitrary code.

Although details on the exploit are scant, it is known the malware that is distributing the exploit is a trojan horse.

It is believed that the flaw allowing for the attacks is a new vulnerability, although it may be related to some issues resolved in this month's Patch Tuesday updates. Affected operating systems include all versions of Windows, according to security researchers.

Finnish security expert Juha-Matti Laurio said that the exploit was first found last week in the wild. "The best advice is to use anti-virus software protecting from this specific malware and check that virus signature files are up-to-date," he wrote in the SecuriTeam blog Sunday.

Laurio identified the name of the file reportedly distributing the exploit, TROJ_SMALL.CMZ, and said the size of the PowerPoint file delivering the offending code is 72K. A check of the top antivirus programs did not show that antivirus definition files were protecting against the exploit, although Laurio said that some may already be doing so, but have not updated their Web sites due to the weekend.

In the meantime, Laurio stressed PowerPoint users should use caution when opening up files from outside sources until a fix is provided. "These days you can't trust that the sender information included to message PowerPoint file attached is truthful," he said. "If you are not sure, you can always call to the sender if e-mail including .PPT attachments arrives unexpectedly."

As of press time, Microsoft had not yet confirmed the issue. The company regularly announces new threats to Windows and Office, and schedules a fix for the next Patch Tuesday release.
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP