Severity: High
Summary:
· These vulnerabilities affect: Most current versions of Microsoft PowerPoint for Windows and Mac (ships with Office), except for 2010.
· How an attacker exploits it: By tricking one of your users into opening a malicious PowerPoint document
· Impact: In the worst case, an attacker executes code on the user's computer, gaining complete control of it
· What to do: Install Microsoft's PowerPoint updates as soon as possible, or let Microsoft's automatic update do it for you (Mac update not available yet)
Exposure:
If an attacker can entice one of your users into downloading and opening a maliciously crafted PowerPoint document, they can exploit either of these vulnerabilities to execute code on a victim's computer.
Attackers utilize malicious Office documents in their targeted email attacks (spear phishing). User often consider Office documents as benign. Yet, criminals can easily leverage these sorts of vulnerabilities to cause malicious office documents to install malware. We recommend, you install this updates as soon as you can.
Solution Path
Microsoft has released patches for the Windows version of PowerPoint to correct these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately, or let the Microsoft Automatic Update feature do it for you.
Unfortunately, Microsoft has not yet released the Mac updates yet. They don't say exactly when they plan to release the Mac update, only that they will when testing is complete.
PowerPoint update for:
Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
