Microsoft to issue patch for critical PowerPoint hole

Patch Tuesday will feature one fix for a critical hole in Office PowerPoint that could be the same vulnerability the company said was targeted in attacks last month.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

May 7, 2009 5:32 p.m. PT

Microsoft will issue a patch on Tuesday to fix a critical vulnerability in PowerPoint that could be the same hole that has been exploited in limited and targeted attacks.

The vulnerability affects Microsoft Office 2000, 2003, 2007 and XP, as well as PowerPoint Viewer and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 file formats, according to an advance notification released on Thursday.

In a security advisory in early April, Microsoft warned about a vulnerability in PowerPoint that had been targeted by attacks that were tailored and not widespread.

That vulnerability could be exploited by getting a person to open a PowerPoint file rigged for the attack, the company said. When the file is opened, PowerPoint will access an invalid object in memory. That then allows an attacker to remotely execute code on the system.