Microsoft Issues Critical Patch for PowerPoint

By Matthew Harwood

Microsoft released patches yesterday for its popular PowerPoint program for PCs due to a vulnerability that would allow a hacker to gain complete control of a system, reports Reuters.

Microsoft defined the threat as "critical" -- the most severe on the scale by which it ranks vulnerabilities to its software.

Hackers are seeking to exploit the vulnerability in PowerPoint by persuading the intended victim to open a tainted PowerPoint file that they either download from a website or receive in an email, according to Symantec Corp, the world's top maker of security software.

According to Microsoft's security bulletin:

This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Apple users of the program are also vulnerable, but a patch does not exist yet for their computers. Microsoft assured Apple users that one is in the works. It is the first time Microsoft has released a patch that did not plug the holes in every affected version, reports another article from Reuters.

Jonathan Ness, an engineer with the Microsoft Security Response Center (MSRC), wrote on the MSRC Security Research and Defense blog that "None of the [PowerPoint] exploit samples we have analyzed will reliably exploit the Mac version so we didn’t want to hold the Windows security update while we wait for Mac packages."

Reuters also warns that older versions of PowerPoint, especially the 2000 version, are more susceptible to attack.

