New threat for PPT 2003, 2002 and 2000
Microsoft has advised a new security threat involving .PPT .POT and .PPS files.
It is possible for one of those file types to be infected with a new virus which takes advantage of an unpatched security hole in PowerPoint. You can get an infected file in any way; email, network share, USB stick, floppy disk, carrier pigeon – whatever.
The danger lies if you open an infected file, it can take advantage of a security lapse in PowerPoint to install unwanted software on your computer.
According to Microsoft these versions are vulnerable:
- PowerPoint 2003 with Service Pack 3
- PowerPoint 2002 (XP) with Service Pack 3
- PowerPoint 2000 for Service Pack 3
- Powerpoint in Office 2004 for Mac
The references to ‘Service Pack 3’ does NOT mean that PowerPoint with other service packs or none are safe – Microsoft now only reports on the SP3 versions.
Other PowerPoint versions are not on the affected list such as:
- PowerPoint 2007 (with or without Service Pack 1)
- PowerPoint Viewer 2003 or 2007
- Powerpoint with Office 2008 for Mac
however that could change as Microsoft’s investigations proceed.
The OpenXML (.PPTX .PPTM etc) and OpenDocument (.ODP) files are not known to be affected.
What to do?
Its early days as the experts at Microsoft delve into this new problem. There’s no patch for this security breach, yet. On the other hand while some infected files have been found on the Internet, there’s no sign of infected PPT files going out in large numbers.
In the meantime you should have the same cautious approach that prudent computer users should take with any arriving file. If the document comes from someone you don’t know – check it carefully. If it comes from someone you know but is unexpected, perhaps some caution is warranted.
Make sure your anti-virus software has been updated very recently (in the last 12-24 hours), the AV companies have or should soon release updates to detect this new type of infected document. Microsoft’s Windows Live OneCare and Forefront Client security products have already been updated as of definition update 1.55.975.0 or above.
The real danger is in receiving an expected but infected file from someone you know. The sender may have an infected computer without knowing it. This latter scenario is the problem with Microsoft’s standard line about caution with ‘un-trusted sources or that are received unexpectedly from trusted sources’.
A possibility for Office 2003 and Office 2007 users is MOICE – the Microsoft Office Isolated Conversion Environment. This lets you open Office documents in a more secure mode.
Or you could use the File Block system to stop people in your organization opening PPT files from unknown and untrusted locations. This might be an over-reaction at this stage and cause more trouble for staff than it’s worth.
Microsoft Bulletin 969136 has some details and will be updated as more is known – as Office Watch will also do naturally.
