Microsoft patched all Windows versions of Powerpoint today to address a client-side, zero-day flaw and 13 other privately reported security vulnerabilities, says Eric Schultze, Chief Technology Officer, Shavlik Technologies. The zero-day vulnerability enabled attackers to take over client machines if a user opened a malformed powerpoint document or visited an evil website. The attacker would be able to execute code on the user's machine with the same level of permissions afforded to the logged on user.
Microsoft says that MS09-017 is a critical patch for PowerPoint:
This update received a 1 rating from Microsoft’s Exploitability Index. The updates for Office for Mac and Microsoft Works 8.5 and 9.0 users are still in development. Microsoft plans to issue updates for these software when testing is complete and we can ensure high quality. We are releasing this security update on an incremental basis because of active targeted exploitation toward Windows platform users.
Visit the Microsoft Subnet web site for more news, blogs, podcasts. Subscribe to all Microsoft Subnet bloggers. Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)
Windows 7 and WS2008 R2 ship date: holiday '09CIOs seem to love VMware over Hyper-VUsing offshore certified Microsoft partners? Beware of security holesWindows 7 and ISOs, Hyper-V and NLB, and SakuraMeet me in … a Meeting Workspace: Tips and Best PracticesMicrosoft OpsMgr R2 release candidate available, will ship end of June12 killer freebie SharePoint add-onsCloud computing is cheaper, greener but not yet enterprise ready .Net Services: Microsoft's key to cloud security and Java interoperability Follow Microsoft Subnet on Twitter