There's more bad news for Office users. An unpatched bug in Microsoft's PowerPoint presentation maker is being exploited.
An unpatched bug in Microsoft's PowerPoint presentation maker is being exploited by an in-the-wild attack, Symantec researchers said Thursday, marking the latest bad news for Office users.
According to the Cupertino, Calif. security vendor's threat analysis team, attacks are currently under way using an unpatched vulnerability in PowerPoint. If the "zero-day" attack is successful, the hacker gains complete control of the compromised computer.
The attack is carried out by a Trojan horse with the moniker "PPDDropper.b," which hides inside a malicious PowerPoint file attached to an e-mail with a Google Gmail return address. PPDDropper.b, in turn, drops a backdoor component, dubbed "Bifrose.e" by Symantec. Bifrose.e then injects a malicious routine into Windows' EXLORER.EXE process, and overwrites the malformed PowerPoint file with a new, clean presentation document.
"The attackers are trying to slide under the radar," said David Cole, the director of Symantec's security response center. "Once they get onto a PC, they think if they delete the infected file there's less chance of getting caught.
"They're trying to get rid of the evidence, throw away the crowbar they used to wedge the door open," Cole added.
That part of the process is identical to one used last month by a now-patched Excel attack. In fact, said Cole, there were several other similarities between the Excel and PowerPoint exploits.
"Both use a two-step attack, a dropper Trojan and a backdoor," he said. "Both were launched by messages written in Chinese."
The similarities led Cole to believe that the two attacks could be the work of the same group. "That's as much as we could say, though, at this point."
Unlike the Excel bug, the PowerPoint flaw -- confirmed only in PowerPoint 2003 thus far -- remains open to attack. Microsoft issued three security updates Tuesday to fix various versions of Office and its applications, but the Thursday bug was not among the 13 flaws patched.
"The attention to Office underlines the shift toward target attacks," Cole said. "If espionage and data theft are why attacks take place, what format is that data in? Microsoft Office. It's really that simple."
Symantec advised users to avoid opening PowerPoint documents received via e-mail until a patch was issued by Microsoft; its researchers also told users to consult the mitigation tactics laid out in the MS06-038 security bulletin posted Tuesday on the Microsoft Web site.
Microsoft did not immediately respond to a request for confirmation from its Security Response Center (MSRC).
IT's Reputation: What the Data SaysInformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.