Stepto here.  We’ve been made aware of a vulnerability affecting PowerPoint that we wanted to let you know about, that appears to be involved in very targeted attacks.

Like most of the recent Office vulnerabilities we’ve seen, a user must first open a malicious document that is sent as an email attachment or otherwise provided to them by an attacker.  (Again, like the recently addressed issues, opening the malicious file out of email in the recent versions of PowerPoint will prompt you to be careful about opening the attachment, it won’t trigger the attack automatically)

So remember to be very careful opening unsolicited attachments from both known and unknown sources.

We’ve activated our security response process and we have added detection to the Windows Live Safety Center for up-to-date removal of malicious software we’ve seen that attempts to exploit the vulnerability.  The Windows Live Safety Center is located at the following website: 

http://safety.live.com

We’ve kept the Office team engaged on a state of high alert over the past couple of months for vulnerabilities relating to Office.  Right now they are working on an update to address the issue.  We’ll be documenting this through the weekend in the form of a security advisory and will post it as soon as we are confident in the protection steps (we’re targeting Monday morning)

S.

*This posting is provided "AS IS" with no warranties, and confers no rights.*