Zero-day vulnerability in PowerPoint spawns Microsoft alert

Ah, the life of a security reporter: You ask Microsoft's communcations managers if the new PowerPoint vulnerability announced Thursday evening is a zero-day vulnerability, currently being exploited in the wild with no patch to shield us, and a spokesperson responds that "At this time, Microsoft is only aware of limited and targeted attacks that attempt to use this vulnerability." In other words, yes.

Security Advisory 969136 describes the new problem as one that can allow remote code execution if the file recipient opens an infected file. The Microsoft Security Research & Defense blog is rather more useful (not to mention straightforward -- yes, they're seeing it out in the wild, used in targeted attacks), recommending several defensive maneuvers while we await a patch. Those include using PowerPoint's newer version of XML, temporarily disabling the binary file format if your organization's using PPTX, and forcing legacy PowerPoint files to open in MOICE. Bloggers Bruce Dang and Jonathan Ness note that this is the first time Office 2003 SP3 (fully patched) has been successfully attacked in the wild since its release in September 2007.