Virus writers have seized upon an unpatched PowerPoint vulnerability to launch targeted attacks. The assault relies on tricking users into opening an infected PowerPoint document.

Anti-virus vendors have updated [1] signature definition files to add detection for infected documents. Microsoft is working on fixing the underlying vulnerability, which affects various versions of PowerPoint. The SANS Institute has published an advisory on attacks based on the vulnerability in its Internet Storm Centre diary here [2]. ®

Links

1. http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-071212-4413-99&tabid=2
2. http://isc.sans.org/diary.php?date=2006-07-15

Related stories

• Another day, another zero-day MS exploit (28 September 2006)

  http://www.channelregister.co.uk/2006/09/28/0-day_powerpoint_threat/

• Patch Tuesday omits critical Word fix (14 September 2006)

  http://www.channelregister.co.uk/2006/09/14/ms_patch_tuesday/

• Trojan exploits unpatched PowerPoint vulnerability (21 August 2006)

  http://www.channelregister.co.uk/2006/08/21/trojan_exploits_ppt_vuln/

• MS releases dirty dozen (9 August 2006)

  http://www.channelregister.co.uk/2006/08/09/ms_patch_tuesday/

• French MoD questions OpenOffice security (20 July 2006)

  http://www.channelregister.co.uk/2006/07/20/openoffice_france_mod_report/

• Trojan exploits unpatched Word vulnerability (22 May 2006)

  http://www.channelregister.co.uk/2006/05/22/trojan_exploit_word_vuln/

• Unofficial zero-day patches gain corporate support (4 April 2006)

  http://www.channelregister.co.uk/2006/04/04/0-day_patch_survey/

• Patches released for zero-day IE threat (29 March 2006)

  http://www.channelregister.co.uk/2006/03/29/ie_patches_released/

• MS issues Office überpatch (15 March 2006)

  http://www.channelregister.co.uk/2006/03/15/ms_march_patch_tuesday/