Microsoft to plug PowerPoint hole

Fix for zero-day flaw in PowerPoint that is being exploited in cyberattacks is slated to be released next month.

Microsoft is readying a fix for a zero-day flaw in PowerPoint that is being exploited in targeted cyberattacks, the company said Monday.

A patch is being completed and is scheduled to be released on Aug. 8, Microsoft's next "Patch Tuesday," the company said in a security advisory. The fix may be released sooner, if that is warranted, Microsoft said.

Word of the new PowerPoint flaw came last week, only a day after Microsoft released seven security bulletins with fixes for 18 flaws on its July patch day. The new PowerPoint problem could enable an attacker to gain complete control over a vulnerable PC, if a malicious file is opened by its user.

"In order for this attack to be carried out, a user must first open a malicious PowerPoint document attached to an e-mail or otherwise provided to them by an attacker," Microsoft said in its advisory.

The vulnerability affects PowerPoint 2000, PowerPoint 2002 and PowerPoint 2003. Attacks that exploit the flaw in the presentation application are "limited," Microsoft said. Typically, they have to be widespread for the company to issue a patch outside of its monthly schedule.

Some security experts believe the timing of an attack to follow right after a monthly patch day is no coincidence. Microsoft typically does not release fixes outside of its monthly patching cycle for such flaws, giving miscreants at least a month to try to profit from them.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

An iPhone 6 prototype has one week of battery life

Apple's September 9th event is official, Intelligent Energy builds an iPhone 6 that lasts one week without a charge and will your iPad take direct phone calls?

by Brian Tong