Microsoft PowerPoint targeted in new attack

Microsoft has warned of a zero-day vulnerability in its PowerPoint software, which is already being exploited by cybercriminals.

The advisory said that Office 2000, Office XP, Office 2003 and Mac Office are all vulnerable. The latest version in Office 2007 is the only one which is not.

According to the Microsoft Malware Protection Centre, they are aware of several distinct exploit files used. However, it also said that they were only being used in targeted attacks and therefore the number of affected customers was very low.

For example, an attacker would create a malicious Microsoft PowerPoint slideshow and send it as an attachment to the target's email address.

A user would simply have to open the malicious slideshow for the computer to become compromised.

The Microsoft Security Research & Defence Centre posted workarounds that users could apply to their systems.

Microsoft will decide on appropriate action in the meantime, which could mean a solution in its monthly security update or an out-of-cycle security patch.