Zero-day attacks continue to hit Microsoft

Microsoft issued a rare, out-of-cycle Windows patch on Tuesday that fixed one flaw, but attacks through other known, yet-to-be-plugged holes continue. Microsoft on Wednesday warned of "limited zero-day attacks" that exploit a new flaw in PowerPoint, Microsoft's widely used presentation tool. For the attack to be carried out, a user must first open a malicious PowerPoint file attached to an e-mail or otherwise provided to them by an attacker, Microsoft said in a security advisory.

"This issue can allow remote attackers to execute arbitrary code on a vulnerable computer," Symantec said in an alert sent to customers. The flaw affects PowerPoint in Office 2000, Office XP and Office 2003 on Windows and Apple Computer's Mac OS X, it said. Attacks appear to be aimed at specific targets, Symantec said.

For temporary protection against PowerPoint attacks, Microsoft suggests keeping security software up-to-date and not opening presentations files from untrusted sources. Also, PowerPoint Viewer 2003 is not vulnerable, the company said.

Link: Microsoft Security Advisory (925984)
View: Full Article @ C|Net News

Report a problem with article
Previous Story

Windows Vista build 5728 Galleries

Next Story

Symantec: Microsoft won't give us key Vista tech

0 Comments

Commenting is disabled on this article.

There are no comments