Microsoft Closes PowerPoint Zero-day Hole
Microsoft today closed a critical PowerPoint hole that that has been under attack since last month, along with 13 other, less-important flaws in the Office application and related software.
The patch shores up Office 2000, XP, 2003, and 2007, as well as PowerPoint Viewer, Office Compatibility Pack and Works software, but but there's no fix yet for Office for Mac. News of targeted attacks using malicious .ppt files came out last month. Microsoft said Office 2007 wasn't affected by the zero-day flaw, but it received a fix for a different, privately disclosed flaw in this patch. Find full patch details in bulletin MS09-017.
Redmond says that fixes for Office for Mac, along with Microsoft Works 8.5 and 9.0, are still in the works. The Mac versions weren't under active attack, according to an MSRC post, and the company says it didn't want to hold up the patch release while it worked on the Mac patches.
This was only the fourth time in four years that Microsoft has released just one security bulletin, according to Symantec. Run Windows Update to get the fix right away, or wait a bit for it to come down via Automatic Updates.