July 17, 2006 4:55 PM PDT

Microsoft to plug PowerPoint hole

Microsoft is readying a fix for a zero-day flaw in PowerPoint that is being exploited in targeted cyberattacks, the company said Monday.

A patch is being completed and is scheduled to be released on Aug. 8, Microsoft's next "Patch Tuesday," the company said in a security advisory. The fix may be released sooner, if that is warranted, Microsoft said.

Word of the new PowerPoint flaw came last week, only a day after Microsoft released seven security bulletins with fixes for 18 flaws on its July patch day. The new PowerPoint problem could enable an attacker to gain complete control over a vulnerable PC, if a malicious file is opened by its user.

"In order for this attack to be carried out, a user must first open a malicious PowerPoint document attached to an e-mail or otherwise provided to them by an attacker," Microsoft said in its advisory.

The vulnerability affects PowerPoint 2000, PowerPoint 2002 and PowerPoint 2003. Attacks that exploit the flaw in the presentation application are "limited," Microsoft said. Typically, attacks have to be widespread for the company to issue a patch outside of its monthly schedule.

Some security experts believe it is no coincidence that an attack was timed to follow right after a monthly patch day. Microsoft typically does not release fixes outside of its monthly patching cycle for such flaws, giving miscreants at least a month to try to profit from them.


4 comments

"More Power Than You Can Handle!"
That is Microsoft's new slogan for PowerPoint.
Posted by CancerMan2 (74 comments )
patch before Aug 8 if warranted, MS has a warranty?
Since when does Microsoft have any action or plan to cover the use
or performance of their products, that would be called a Warranty,
and the EULA expressly forbids them from offering to "care" what
their users really need. So in the meantime, OpenOffice.org is
looking pretty busy these days, so there's hope for a mass exodus
of MS customers who suddenly "got smart" and searched for a
better People Powered way to work.
Posted by (39 comments )
Microsoft NEEDS to get ON THE BALL!
Microsoft... it's all about "to plug something"...

But lest we forget... there are still numerous products with numerous flaws still unpatched:

Per Secunia Advisories as of this date:

For WinXP Pro alone, 28 out of 143 Secunia advisories are currently marked as "Unpatched" in the Secunia database.

For WinXP Home alone, 25 out of 128 Secunia advisories are currently marked as "Unpatched" in the Secunia database.

For Win2000 Pro alone, 18 out of 120 Secunia advisories are currently marked as "Unpatched" in the Secunia database.

And many of these unpatched flaws have existed since 2002 or possibly even earlier.

Microsoft needs to get out from under the ball and get ON the ball patching ALL of these ridiculously long pending flaws!!!
Posted by wbenton (522 comments )