RealTime IT News

'Critical' PowerPoint Patch Coming Tuesday

Patch Tuesday
Microsoft's monthly Patch Tuesday release of bug fixes coming up on May 12 may seem a little thin next week, according to the company's advance notice released Thursday.

This time, when it delivers the patches as well as security bulletins explaining the security implications, Microsoft (NASDAQ: MSFT) only has one patch rated "critical."

However, that's not to say that the patch isn't needed.

For one thing, it may fix a zero-day vulnerability in PowerPoint that popped up "in the wild" -- that is, being used in real Web attacks -- just ahead of Microsoft's last Patch Tuesday on April 14.

Microsoft issued a Security Advisory regarding the PowerPoint bug at the time, but didn't have a patch ready in time for last month's Patch Tuesday drop.

Still, it's unclear whether it'll be fixed in next week's updates. In Microsoft's monthly pre-announcement today, the company said to expect a fix for an unspecified PowerPoint vulnerability in next week's patch roundup. However, the company isn't saying whether this patch fixes last month's vulnerability.

The vulnerability rates "critical" -- the highest threat level on Microsoft's bug severity scale -- but only for PowerPoint 2000. For later versions through PowerPoint 2007, the bug rates as "important" -- the second-highest threat level.

Until the patch is released and installed, users should be careful not to open PowerPoint presentations sent to them by someone they don't know, or which seem to be unusual, the company said.

A Microsoft spokesperson told InternetNews.com that further information will be available on Tuesday.

The update comes on the heels of a similar experience with Microsoft Office Excel, in which zero-day attacks on Excel were discovered in late February, just before March's Patch Tuesday drop.

However, Microsoft did, fix the Excel vulnerability in April's Patch Tuesday update.