Microsoft issued a rare, out-of-cycle Windows patch on Tuesday that fixed one flaw, but attacks through other known, yet-to-be-plugged holes continue. Microsoft on Wednesday warned of "limited zero-day attacks" that exploit a new flaw in PowerPoint, Microsoft's widely used presentation tool. For the attack to be carried out, a user must first open a malicious PowerPoint file attached to an e-mail or otherwise provided to them by an attacker, Microsoft said in a security advisory.
"This issue can allow remote attackers to execute arbitrary code on a vulnerable computer," Symantec said in an alert sent to customers. The flaw affects PowerPoint in Office 2000, Office XP and Office 2003 on Windows and Apple Computer's Mac OS X, it said. Attacks appear to be aimed at specific targets, Symantec said.
For temporary protection against PowerPoint attacks, Microsoft suggests keeping security software up-to-date and not opening presentations files from untrusted sources. Also, PowerPoint Viewer 2003 is not vulnerable, the company said.