May 07, 2009

From eight to one: PowerPoint sole fix coming from Microsoft

Microsoft said Thursday it expects to release a single patch next week -- this one to repair a zero-day vulnerability in PowerPoint that is being leveraged in ongoing, targeted attacks.

The single fix, down from eight security bulletins released last month by the software giant, impacts a critical PowerPoint vulnerability present in Office 2000, 2003, XP and 2007, according to an advance notification.

Days before its April security update, Microsoft researchers disclosed that a number of varying exploits were attempting to take advantage of the vulnerability.

The malware ploy works by attempting to trick users into opening a malicious PowerPoint slideshow, the researchers said. If they do, a trojan is installed on their machine.

Originally, the bug wasn't believed to impact Office 2007, but in Thursday's notification, Microsoft said PowerPoint 2007 with Service Pack 1 and 2 are affected.




Related Articles
Related Topics

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.