In the midst of back-to-back zero-day attacks against select businesses in the Far East, Microsoft on July 17 released a security advisory with a terse message: Do not open or save unexpected Microsoft Office files, even if they come unexpectedly from a trusted source.
The companys advisory comes less than a week after virus hunters discovered that a previously undocumented flaw in Microsoft PowerPoint was being exploited to plant a keystroke logger on infected Windows systems.
Microsoft confirmed that the vulnerability exists in Microsoft PowerPoint 2000, Microsoft PowerPoint 2002 and Microsoft PowerPoint 2003 and said a patch is being developed and tested for release on August 8. "In order for this attack to be carried out, a user must first open a malicious PowerPoint document attached to an e-mail or otherwise provided to them by an attacker," the Redmond, Wash., software maker said in its advisory.
There are no prepatch workarounds in the advisory. Instead, Microsoft said Windows users should avoid opening or saving Office files, especially those that arrive from untrusted sources.
If an Office file—Word, Excel or PowerPoint—arrives unexpectedly from a trusted source, the advice remains the same.
Because these file types are widely used for everyday business activities, Microsofts suggested actions may appear impractical, but independent security researchers say enterprises with valuable data stored on client machines should warn employees about the associated risks of opening strange documents.
The latest PowerPoint attack, which was launched just 24 hours after the July Patch Tuesday, includes the use of a Trojan horse program called Trojan.PPDropper.B that arrives via e-mail from a Google Gmail address. The subject line of the e-mail and the .ppt file name are in Chinese characters, suggesting that the attacks are emanating from—and attacking targets—in the Far East.