Mega PowerPoint patch delivered by Microsoft
Tuesday saw Microsoft releasing a patch with the aim to fix a serious vulnerability in PowerPoint that had already led to exploits.
Though the vulnerability has been rated as important for Office XP, Office 2003, and Office 2007, it has been listed as critical for Office 2000.
It should be noted though that the basis of targeted attacks had already been formed by the hole, persuading Microsoft to come out with a warning last month.
The software maker, Microsoft, which said that it is still working on fixes for the Mac version of Office as well as for Microsoft Works, the company's entry-level productivity suite, although the hole is now patched in the Windows version of PowerPoint.
Microsoft security response communications lead Christopher Budd informed via a statement that the development is still going on for updates for Office for Mac and Microsoft Works 8.5 and 9.0 users. He further said that the company is mulling to issue updates for these software when testing is complete and we can ensure high quality.
“We are releasing this security update on an incremental basis because of active targeted exploitation toward Windows platform users,” said Mr. Budd.
Microsoft has said that in the absence of patch, the vulnerability can be exploited by getting a person to open a PowerPoint file rigged for the attack. Once the file is opened, an invalid object in memory would be accessed by PowerPoint which then permits an attacker to remotely execute code on the system.
On Tuesday, the software maker released the fix as part of the company's regularly scheduled monthly Patch.
Microsoft, which informed that the vulnerability is not rated critical for PowerPoint 2002 and later versions because they prompt a user before opening a document, meaning that the vulnerability requires more than a single user action to complete the exploit, also added that the update will lead to disability to open PowerPoint 4.0 file formats will be disabled by default in Microsoft Office PowerPoint 2000 and Microsoft Office PowerPoint 2002.