- Related Stories
-
New PowerPoint hole used in cyberattacks
July 13, 2006 -
Microsoft plugs worm hole in Windows
July 11, 2006 -
Office hit by another security problem
June 22, 2006
A patch is being completed and is scheduled to be released on Aug. 8, Microsoft's next "Patch Tuesday," the company said in a security advisory. The fix may be released sooner, if that is warranted, Microsoft said.
Word of the new PowerPoint flaw came last week, only a day after Microsoft released seven security bulletins with fixes for 18 flaws on its July patch day. The new PowerPoint problem could enable an attacker to gain complete control over a vulnerable PC, if a malicious file is opened by its user.
"In order for this attack to be carried out, a user must first open a malicious PowerPoint document attached to an e-mail or otherwise provided to them by an attacker," Microsoft said in its advisory.
The vulnerability affects PowerPoint 2000, PowerPoint 2002 and PowerPoint 2003. Attacks that exploit the flaw in the presentation application are "limited," Microsoft said. Typically, they have to be widespread for the company to issue a patch outside of its monthly schedule.
Some security experts believe the timing of an attack to follow right after a monthly patch day is no coincidence. Microsoft typically does not release fixes outside of its monthly patching cycle for such flaws, giving miscreants at least a month to try to profit from them.
See more CNET content tagged:
Microsoft PowerPoint, flaw, cyberattack, attack, fix
or performance of their products, that would be called a Warranty,
and the EULA expressly forbids them from offering to "care" what
their users really need. So in the meantime, OpenOffice.org is
looking pretty busy these days, so there's hope for a mass exodus
of MS customers who suddenly "got smart" and searched for a
better People Powered way to work.
or performance of their products, that would be called a Warranty,
and the EULA expressly forbids them from offering to "care" what
their users really need. So in the meantime, OpenOffice.org is
looking pretty busy these days, so there's hope for a mass exodus
of MS customers who suddenly "got smart" and searched for a
better People Powered way to work.
- Microsoft NEEDS to get ON THE BALL!
- by wbenton July 19, 2006 9:15 AM PDT
- Microsoft... it's all about "to plug something"...
- Like this Reply to this comment
-
(4 Comments)But lest we forget... there are still numerous products with numerous flaws still unpatched:
Per Secunia Advisories as of this date:
For WinXP Pro alone, there are currently, 28 out of 143 Secunia advisories, are marked as "Unpatched" in the Secunia database.
For WinXP Home alone, there are currently, 25 out of 128 Secunia advisories, are marked as "Unpatched" in the Secunia database.
For Win2000 Pro alone, there are currently, 18 out of 120 Secunia advisories, are marked as "Unpatched" in the Secunia database.
And many of these unpatched flaws have existed since 2002 or possibly even earlier.
Microsoft needs to get out from under the ball and get ON the ball patching ALL of these rediculously long pending flaws!!!