There's more bad news for Office users. An unpatched bug in Microsoft's PowerPoint presentation maker is being exploited.
An unpatched bug in Microsoft's PowerPoint presentation maker is being exploited by an in-the-wild attack, Symantec researchers said Thursday, marking the latest bad news for Office users.
According to the Cupertino, Calif. security vendor's threat analysis team, attacks are currently under way using an unpatched vulnerability in PowerPoint. If the "zero-day" attack is successful, the hacker gains complete control of the compromised computer.
The attack is carried out by a Trojan horse with the moniker "PPDDropper.b," which hides inside a malicious PowerPoint file attached to an e-mail with a Google Gmail return address. PPDDropper.b, in turn, drops a backdoor component, dubbed "Bifrose.e" by Symantec. Bifrose.e then injects a malicious routine into Windows' EXLORER.EXE process, and overwrites the malformed PowerPoint file with a new, clean presentation document.
"The attackers are trying to slide under the radar," said David Cole, the director of Symantec's security response center. "Once they get onto a PC, they think if they delete the infected file there's less chance of getting caught.
"They're trying to get rid of the evidence, throw away the crowbar they used to wedge the door open," Cole added.
That part of the process is identical to one used last month by a now-patched Excel attack. In fact, said Cole, there were several other similarities between the Excel and PowerPoint exploits.
"Both use a two-step attack, a dropper Trojan and a backdoor," he said. "Both were launched by messages written in Chinese."
The similarities led Cole to believe that the two attacks could be the work of the same group. "That's as much as we could say, though, at this point."
Unlike the Excel bug, the PowerPoint flaw -- confirmed only in PowerPoint 2003 thus far -- remains open to attack. Microsoft issued three security updates Tuesday to fix various versions of Office and its applications, but the Thursday bug was not among the 13 flaws patched.
"The attention to Office underlines the shift toward target attacks," Cole said. "If espionage and data theft are why attacks take place, what format is that data in? Microsoft Office. It's really that simple."
Symantec advised users to avoid opening PowerPoint documents received via e-mail until a patch was issued by Microsoft; its researchers also told users to consult the mitigation tactics laid out in the MS06-038 security bulletin posted Tuesday on the Microsoft Web site.
Microsoft did not immediately respond to a request for confirmation from its Security Response Center (MSRC).
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.