Network Security, Patch/Configuration Management, Vulnerability Management

Fourteen fixes for PowerPoint this Patch Tuesday

Microsoft today issued a fix for a zero-day vulnerability in PowerPoint that is currently being leveraged in ongoing attacks in the wild. In addition, the patch addresses 13 other similar vulnerabilities in the program.

The vulnerabilities, which could enable an attacker to take full control of an affected system, were patched for all Windows versions of PowerPoint. Microsoft did not issue a patch for Mac versions of PowerPoint, but said it is currently under development. The company said it is not aware of any active, reliable exploits to Mac versions of PowerPoint, according to its security bulletin. The patch was rated "critical" on Microsoft Office PowerPoint 2000 Service Pack 3 and "important" for other versions of the product.

In early April, Microsoft disclosed that a number of varying exploits were being used in attempting to take advantage of a remote code vulnerability in PowerPoint. The malware ploy works by trying to trick users into opening a malicious PowerPoint slideshow, the researchers said. If they do, a trojan is installed on their machine.

If successfully exploited, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights, Microsoft said.

Even though Microsoft said it is aware of “limited” attacks in the wild, it is hard to know for sure how many users were infected, Eric Schultze, CTO, Shavlik Technologies told Tuesday. Schultze added however, that he thinks there has been a “pretty small” infected base since this is a client-side vulnerability, and relies on end-users to open the PowerPoint, as opposed to a server-side vulnerability, which does not require user interaction to exploit vulnerabilities.

“This can only spread by a user opening the evil PowerPoint document,” Schultze said. “Any virus-like capability is going to move pretty slowly.”

The other 13 vulnerabilities are all very similar in nature -- remote code vulnerabilities affecting PowerPoint, exploited by opening a malicious PowerPoint file, Schultze said. The other vulnerabilities, were not being exploited in the wild, however.

“For end-user and system administrator, this is one issue -- opening an evil PowerPoint document,” Schultze said. “There are 14 did ways it can exploit your system. Apply the patch, and it fixes all those problems.”

At first glance, May appears to be bringing an easier Patch Tuesday, but IT departments must not rest easy, as there is still much activity from the month to keep them busy. The other traditionally popular enterprise software -- Adobe Reader and Acrobat -- will also require installation of more than enough patches this period to make up for any lull in those required by Microsoft, Paul Henry, security and forensic analyst for Lumension told in an email.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.