PPT Zero Day

Microsoft has announced a patch for fourteen vulnerabilities in PowerPoint, one of which has already been used by exploit code in the wild (a “zero-day” exploit). The patch is designated MS09-017.

Microsoft Security Bulletin MS09-017 – Critical – [microsoft.com]

Executive Summary
This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft plugs 14 PowerPoint security holes – [zdnet.com]

Microsoft has slapped a massive band-aid on its PowerPoint presentation software to cover at least 14 documented security vulnerabilities.

The MS09-017 update, rated “critical,” includes a fix for a known code execution flaw that was used to launch targeted exploits via rigged PowerPoint files.
