Most people are conditioned by now to not open unknown file attachments — especially file attachments on emails from unknown sources. Just in case you somehow missed the memo, there is a new reason to think twice before opening a PowerPoint file.

New research indicates that attackers have figured out how to weaponized a PowerPoint file so that it circumvents detection by antivirus tools. The malware is embedded in a PowerPoint presentation. Because the file is saved in PPS format it bypasses AV detection, but when the file is opened in Slide Show presentation format the phishing attack is able to execute.

Microsoft is aware of a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object.

An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. The attack requires user interaction to succeed on Windows clients with a default configuration.

A cyberespionage campaign believed to be based in Russia has been targeting government leaders and institutions for nearly five years, according to researchers with iSight Partners who have examined code used in the attacks.

The campaign, dubbed “Sandworm” is believed to have been running since 2009, and used a wide-reaching zero-day exploit uncovered by the researchers that affects nearly every version of the Windows operating system released since Windows Vista. The attackers also targeted attendees of this year’s GlobSec conference, a high-level national security gathering that attracts foreign ministers and other top leaders.