A new critical security vulnerability has been discovered in the Microsoft Office suite, which hackers are exploiting to attack users.
The aforementioned security flaw was officially identified and announced on July 12, just one day after Microsoft released its monthly security update.
In a warning bulletin issued on July 12, security experts from Symantec indicated that this is an unknown vulnerability in the Microsoft PowerPoint application. As a result, there is currently no patch available to fix this security issue.
This vulnerability exclusively affects the Microsoft Office software suite.
Microsoft, in a statement sent via email on July 13, announced that the company is conducting further investigations into this security flaw.
Microsoft is aware of attacks being carried out by exploiting this vulnerability; however, these are only targeted attacks. To successfully exploit this security flaw, attackers must trick users into opening a malicious PowerPoint file.
Symantec noted that, similar to the vulnerability in Excel, the flaw in PowerPoint could allow attackers to gain complete control over the compromised system. “If a user opens a malicious PowerPoint file, the vulnerability will be exploited, and the attacker will succeed. Successfully exploiting this vulnerability would allow the attacker to execute malicious code remotely on the user’s system.”
Microsoft stated that it will take appropriate steps to protect users once the investigation into this newly discovered vulnerability is complete. The company may issue a security advisory to warn users or release a patch in its monthly security update.
Additionally, on the same day, Microsoft revealed that there are still two other unpatched vulnerabilities in Excel that have been exploited in ongoing attacks.
Hoàng Dũng
