In just a few hours time Microsoft will be releasing its regular month “Patch Tuesday” bundle of security fixes – this month including patches for critical vulnerabilities in the likes of Internet Explorer and Microsoft Excel.
But according to the advance bulletin the software giant issued on Friday, there is no sign of a Microsoft fix for a PowerPoint zero day vulnerability that is being actively exploited in the wild.
As revealed earlier this month, hackers are crafting booby-trapped PowerPoint files that, when opened on a victim’s computer, run malicious code without authorisation.
Once a PC has been infected by malware like a backdoor Trojan horse, hackers can gain access to the computer to steal information, to plant further malicious software, or to launch spam and denial-of-service attacks.
As is errmm.. illustrated on the blog of our friends at CA, hackers aren’t afraid to use images of Asian women bathing to lure into opening their “booby-trapped” PowerPoint files.
Of course, no-one wants Microsoft to rush out a fix for a newly discovered vulnerability without proper testing, but the question remains on when will people receive an official fix for the PowerPoint problem? Will they have to wait until the next Patch Tuesday, which isn’t until 12th May? Or will it be determined that the problem is serious enough that a special out-of-band release should be issued?
While we’re waiting, please be sure to patch your systems with the vulnerability fixes that Microsoft has released. If Microsoft thinks they’re serious enough to publicise, they’re important enough for you to protect against.