CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 13th, 2009

Microsoft Patch 14 PowerPoint Vulnerabilities, Adobe Patch Reader And Acrobar 0-day Vulnerability

Microsoft has released a solitary bulletin that covers 14 vulnerabilities in PowerPoint, including a zero-day bug that has been the target of hacker exploitation over recent weeks, as part of its May Patch Tuesday update.

All versions of PowerPoint will need patching with the cumulative update, which earns Redmond’s highest security rating of “critical”. The patches released today include versions of Powerpoint that weren’t flagged as vulnerable to the zero-day as Microsoft also included fixes for 13 additional vulnerabilities that were privately reported.

Some of these vulnerabilities impact the newer versions of Powerpoint that were not vulnerable to the 0-day. Included in today’s release are patches for the Powerpoint viewer as well as the full version of Powerpoint. The patch brings relief from zero-day flaws in Microsoft Office software for the first time in nearly two months.

Microsoft’s bulletin can be found at http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx.

Separately Adobe released an update that defends Adobe Reader against another zero-day vulnerability. The flaw in Adobe Reader 9.1 and Acrobat has been the target of hacking attacks since last month and was, if anything, more dangerous than the 0-day PowerPoint flaw.

More details on the fix from Adobe can be found at http://www.adobe.com/support/security/bulletins/apsb09-06.html.

Popular applications and files like Adobe PDF files or Word, Excel or PowerPoint files have been great vehicles for targeted attacks because those attachments are so socially acceptable and are simply expected attachments within corporate email.

Apart from fixes from Microsoft, Adobe and Apple other vendors including Google, F-Secure,, HP, Symantec and Mozilla have collectively released a slew of patches for popular software applications over recent days.

Credit: The Register

Share this item with others:

More on CyberInsecure:
  • Unpatched 0-day PDF Flaw Harnessed To Launch Targeted Attacks
  • Exploit Posted For Adobe Reader PDF Zero-day Vulnerability In ‘getAnnots()’ Javascript Function
  • Zero-Day PowerPoint Vulnerability Spawns Trojan Attacks
  • Confirmed Zero-day Flash Vulnerability In Latest Adobe Reader And Acrobat 9.1.2, Adobe Flash Player 9 And 10
  • Adobe Patches Older Reader PDF Flaw, In Total 8 Vulnerabilities Patched

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Microsoft Patch 14 PowerPoint Vulnerabilities, Adobe Patch Reader And Acrobar 0-day Vulnerability

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.