OS/Platform/Application:

Microsoft PowerPoint on Windows and Mac systems.

Category: ALERT
Severity: HIGH
Attention: PowerPoint Users, System Administrators, Desktop Support Personnel

Summary: Numerous Internet Security resources are reporting the existence of a newly-discovered vulnerability in Microsoft PowerPoint.  The most likely mechanism of exploit for this vulnerability is the opening of a maliciously-crafted Power Point document.  Successful exploitation of this vulnerability could result in a range of unfavorable outcomes including complete takeover of a user's computer.  Microsoft has released a Security Advisory that details the vulnerability and also provides some suggested workarounds.  At the time of this writing (9:51 AM 4/3/09) Microsoft has yet to release a patch for this vulnerability and is acknowledging that "limited and targeted attacks" against this vulnerability are occurring on the public Internet.

Recommended Actions: PowerPoint users are encouraged not to open PowerPoint documents from unknown or untrusted sources.  Users, System Administrators, and Desktop Support personnel are also encouraged to read the Microsoft Security advisory and consider implementation of workaround(s) in situations where regular handling of PowerPoint files form untrusted sources may occur.

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: N/A

Resources:

Microsoft Security Advisory:
http://www.microsoft.com/technet/security/advisory/969136.mspx