WatchGuard Wire
Improve Your Security IQ
Single PowerPoint Patch Fixes Fourteen Vulnerabilities
12 May 09 -- Microsoft may have released only one patch today, but it fixes a myriad of PowerPoint vulnerabilities. According to their security bulletin, today's PowerPoint update fixes fourteen critical security vulnerabilities in the popular presentation package. The fourteen flaws may differ technically, but they all lead to the same problem. If an attacker can entice you into downloading and opening a maliciously crafted PowerPoint document (.ppt), he can exploit these vulnerabilities to execute code on your computer, with your privileges. If you belong to the local administrator group, the attacker gains complete control of your computer.
We first described one of these zero day PowerPoint flaws in a LiveSecurity alert (subscription required) we sent in April. In that alert, we warned you attackers were exploiting that PowerPoint flaw in the wild -- in what Microsoft described as, "limited targeted attacks." To protect yourself from these attacks, we highly recommend you update PowerPoint as soon as you can.
You can learn more about this security bulletin from the tables provided in Microsoft's Bulletin Summary for May. Microsoft's tables, arranged in order of severity, link directly to this month's bulletin and patches. Expand the "Affected Software and Download Location" section of the Summary to find a valuable table that will help you develop your own deployment strategy.
LiveSecurity and LiveSecurity Informer subscribers will receive more detailed information about these flaws, and how to fix them, in an updated alert we're working on right now. -- Corey Nachreiner, CISSP
     
Copyright© 2009 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.
|
