May Microsoft Patch Tuesday
Microsoft has announced one new patch for its monthly release cycle. Although it doesn’t sound like a lot, this patch fixes a critical vulnerability in PowerPoint that is already being exploited by malicious entities. The patch is rated critical, and affects Microsoft PowerPoint 2000 through 2007. This exploit allows remote code execution on vulnerable systems. Gladiator recommends that users immediately patch all systems with Microsoft Office installed. Detailed information for the patch can be found in Microsoft’s May Security Bulletin and at SANS Internet Storm Center. Summary information is included below:
- Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340) (MS09-017) – This update fixes a publicly released remote code execution vulnerability in Microsoft PowerPoint. The user must open a maliciously crafted PowerPoint file to trigger the remote code execution. Versions of PowerPoint for Macintosh and Microsoft Works are vulnerable, but there is no patch for these systems at this time.
Gladiator recommends that users patch their workstation systems quickly for MS09-017, as exploit code has either been released or is likely in the near future.
Related Links:
- Microsoft Security Bulletin (http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx)
- SANS ISC Diary Entry (http://isc.sans.org/diary.html?storyid=6376)