Microsoft released a single security update for its monthly Patch Tuesday release, repairing at least 14 critical vulnerabilities in Microsoft Office PowerPoint that allowed remote hackers to execute malicious code on users’ computers to infect systems and steal data.
Microsoft first issued the security advisory in April, warning users about a zero-day attack exploiting the critical PowerPoint flaw. Although the error has been exploited in the wild, Microsoft maintained in its advisory that the exploit appeared to be used in “limited and targeted attacks.”
The error affects numerous versions of Microsoft Office PowerPoint, including PowerPoint 2000, PowerPoint XP, PowerPoint 2003 and Microsoft Office PowerPoint 2004 for Mac. However, vulnerabilities in later versions of the application, including Microsoft Office PowerPoint 2007 and Microsoft Office for Mac 2008, were given the less severe ranking of “important.”
Specifically, the bug stems from a memory error that occurs when parsing a specially crafted PowerPoint file, which subsequently enables remote hackers to run malicious code stealthily on users’ PCs.
Users can become infected by opening a maliciously crafted PowerPoint attachment in an e-mail, which would immediately download a Trojan onto their systems. Users also could become infected by clicking on an embedded link sent via e-mail or IM, redirecting them to a Web site infused with malicious code.
Once users become infected, the attacker could run code with the same access privileges as an authenticated user, or take complete control of the affected machine to steal, alter or delete sensitive data.