Powerpoint Patch for Windows

Microsoft issued a patch for critical vulnerabilities in PowerPoint this week after a bit of a wait. Mac users will continue to wait, however. PowerPoint's vulnerability was widely known and there apparently were others kept under wraps until Microsoft could issue a patch. Attackers looking to take advantage of the flaw did so by tricking users into opening a PowerPoint file, either by email or other means. Opening the file allowed malicious code to be injected.

Once injected the Trojan attempts to communicate with the Windows update site as a check for an internet connection. Once an internet connection is established, the Trojan sends computer identification and location information (computer name, IP address, OS), performs a directory search, lists the contents of the system, and downloads an update or additional malware.

In short, the virus tells a hacker exactly what's on a victim's computer, and the hacker decides whether or not to take action based on that information.

Microsoft has released a patch applicable to all versions of PowerPoint back to 2000. It should be available via Windows update or by clicking "Check for Updates" in the help menu of PowerPoint.

Mac users running 2004 or 2008 versions will have to wait as the patch for those versions are still in development. Until then security experts recommend caution when opening PowerPoint files from unknown or suspicious sources. Microsoft rates the vulnerability as critical.

Source: SecurityProNews