Microsoft has only one fix on the menu for this month’s Patch Tuesday: a security bulletin aimed at its PowerPoint software.
According to the Microsoft security advisory, the bulletin covers a situation that could allow hackers to remotely execute code. The list of affected software includes editions of Microsoft Office PowerPoint 2000, 2002, 2003 and 2007. Also affected are versions of PowerPoint Viewer and the Microsoft Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats.
Though not stated in the advisory, it is possible that the bulletin covers a vulnerability the company warned in April was under attack by hackers. At the time, Microsoft stated that a vulnerability in PowerPoint was the subject of “limited and targeted” attacks that could allow a hacker to execute code with the rights of the logged-on user.
“The vulnerability is caused when Microsoft Office PowerPoint accesses an invalid object in memory when parsing a specially crafted PowerPoint file,” the April advisory warned. “This creates a condition that allows the attacker to execute arbitrary code.”
Microsoft detects the malicious PowerPoint files used in the attacks as Exploit:Win32/Apptom.gen. Advice on mitigating the PowerPoint issue can be found here.
The patch is slated to be released May 12.