Microsoft Fixes 14 Vulnerabilities in PowerPoint through One Security Bulletin
Software giant Microsoft through its monthly Patch Tuesday dated May 12, 2009 has issued MS09-017 a single security bulletin that patches 14 unique flaws in MS Office PowerPoint.
Of these 14 problems, 11 occupied places on the Exploitability Index list, implying that it wouldn't be difficult to produce exploits for them. Furthermore, one patch among the 14 bulletins has been assigned a "critical" rating while the remaining 13 -"important". If exploited, all the 14 issues could allow the execution of remote code.
Meanwhile, the vulnerable PowerPoint application for which a patch has been released carries a Trojan dropper implanted in the presentation. The Trojan can be transported to a user's computer through an e-mail containing an attachment of a malevolent PowerPoint file or via encouraging users to access an infected site.
Earlier in April 2009, when Microsoft published a security advisory for the PowerPoint flaw, it reported that the attack had a low possibility.
Additionally, Microsoft stated that only one patch out of the 14 was an outcome of publicity, while the rest were outcomes of private analysis at ZDI, iDefense and Secunia.
The security specialists state that vulnerability in Office software as in the current case isn't new as in April 2009, Excel was found flawed and vulnerable to attacks. However, that vulnerability was patched. Interestingly, the flaw cited was the foremost problem to influence Office 2003 having Service Pack 3 loaded.
In the meantime, Microsoft disclosed that while its PowerPoint bulletin patched the flaws in the Windows application, it did not do so for Mac.
Jonathan Ness, Microsoft Engineer through a message he uploaded on the Microsoft Security Research & Defense blog, said that while the flaws affected Office's Mac edition, the packages were still undergoing tests. Hence, only the Windows packages were being released, as reported by informationweek on May 12, 2009.
However, Ness stated that Microsoft would upgrade its security package when the Mac patches were tested completely. He further said that Mac users were safe as there was no malware to exploit PowerPoint flaws on Mac.
Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails
» SPAMfighter News - 21-05-2009