Chicago (IL) – Microsoft has issued a critical PowerPoint patch. The latest security update fixes several vulnerabilities that could allow remote code execution.
“An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system,” Microsoft warned in a security bulletin. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
MS09-017 addresses the above-mentioned vulnerabilities by “modifying the way that PowerPoint handles conditions that could cause memory corruption when opening specially crafted PowerPoint files.” The update also prevents PowerPoint 2000 and Microsoft Office PowerPoint 2002 from opening PowerPoint 4.0 native file formats.
According to Microsoft, security update MS09-017 is rated “critical” for PowerPoint 2000. However, the update is labeled “important” for all other versions, including PowerPoint 2002, 2003, 2004 (Mac), 2007, and 2008 (Mac). This is because PowerPoint 2002 and subsequent versions offer a built-in feature that prompts users to open, save, or cancel before opening a document.
“The prompt feature reduces the vulnerability from critical to important because the vulnerability requires more than a single user action to complete the exploit,” added Microsoft.