Microsoft has officially confirmed the newly discovered security vulnerability in MS PowerPoint and announced that it will release a patch on August 8th.
In a warning bulletin released yesterday (July 17), Microsoft advised users not to open or store Microsoft Office files from unknown sources.
This warning comes after several incidents where users were attacked by exploiting the aforementioned security flaw. However, Microsoft’s alert was issued a week late. Previously, the security vulnerability in PowerPoint had been used as a tool to cultivate a Trojan keylogger that infects Windows systems.
“However, attacks can only occur if users open a malicious PowerPoint file sent via email or any other means,” Microsoft stated. “Therefore, until a fix is available, users should exercise caution when opening or storing MS Office files.”
The attack exploiting the security flaw in PowerPoint was launched just one day after Microsoft released its July security bulletin targeting the distribution of the Trojan Trojan.PPDropper.B via emails sent to Gmail addresses.
Security firm Sophos reported that the PowerPoint files accompanying those emails contained a humorous presentation about love between men and women. However, hidden within that file was a Trojan that, upon infecting a user’s system, would deploy another keylogger known as Backdoor.Bifrose.E. This keylogger is controlled from a remote server and aims to record all keyboard input and steal personal information from users.
The aforementioned Trojan will add a thread to the Explorer.exe process to overwrite the malicious PowerPoint file with a “completely clean” file—meaning it contains no malicious code whatsoever. Antivirus experts believe this is a new tactic to eliminate all traces and evade detection by security solutions.
Hoàng Dũng
