Network Security, Patch/Configuration Management, Vulnerability Management

From eight to one: PowerPoint sole fix coming from Microsoft

Microsoft said Thursday it expects to release a single patch next week -- this one to repair a zero-day vulnerability in PowerPoint that is being leveraged in ongoing, targeted attacks.

The single fix, down from eight security bulletins released last month by the software giant, impacts a critical PowerPoint vulnerability present in Office 2000, 2003, XP and 2007, according to an advance notification.

Days before its April security update, Microsoft researchers disclosed that a number of varying exploits were attempting to take advantage of the vulnerability.

The malware ploy works by attempting to trick users into opening a malicious PowerPoint slideshow, the researchers said. If they do, a trojan is installed on their machine.

Originally, the bug wasn't believed to impact Office 2007, but in Thursday's notification, Microsoft said PowerPoint 2007 with Service Pack 1 and 2 are affected.




Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.