Microsoft issued only one Security Bulletin this month, addressing 14 vulnerabilities in its PowerPoint presentation program.
The software giant's MS09-017 update to Microsoft Office repaired the flaws, which were being actively exploited by attackers. Eleven of the 14 flaws were rated critical. The remote code execution vulnerabilities in Microsoft Office PowerPoint included several memory corruption flaws, legacy file handling errors and an integer overflow error. The update affects all versions of Microsoft Office for Windows.
"The security of our customers is important to us and due to these active attacks, we have released the updates for one product line so that the majority of our customers can protect their systems," Jerry Bryant, senior security program manager wrote on the Microsoft Security Response Center blog.
Recent Microsoft updates:
April - Microsoft patches serious Excel zero-day, Windows flaws Microsoft is patching flaws in Excel and WordPad that are reportedly being actively exploited in the wild and could allow an attacker to gain access to sensitive data.
March - Microsoft patches critical Windows kernel flaw: A critical flaw in the Windows graphics rendering component could be exploited by an attacker to gain access to sensitive data and take control of a machine.
Feb. - Microsoft fixes critical IE 7, Exchange flaws: Memory corruption errors in IE 7 and a message processing error in Exchange leave systems vulnerable to attack, Microsoft said.
Jan. - Microsoft updates critical SMB server flaws: The latest Microsoft security update addresses two critical remote code execution vulnerabilities and a denial-of-service flaw in the Server Message Block.
In a blog entry, Jonathan Ness of MSRC engineering said the update introduces substantial hardening to PowerPoint's parsing engine. Ness called the update "out of the ordinary."
"We normally do not update one supported platform before another but given this situation of a package available for an entire product line that protects the vast majority of customers at risk within the predictable release cycle, we made a decision to go early with the Windows packages,' he wrote in Microsoft's Security Research & Defense blog. <<p>Attackers have been actively exploiting the errors since April when Microsoft issued an advisory warning of ongoing attacks in the wild. Microsoft researchers called the attacks the first reliable exploits seen in the wild that infect Office 2003 SP3 with the latest security updates.
The flaws could be exploited by tricking users into opening a malicious PowerPoint file. The files contain a Trojan dropper embedded within the presentation. The file can be passed via an email with a malicious PowerPoint attachment or by tricking users into viewing a malicious website.
Microsoft gave the update a 1 on its exploitability index, meaning that consistent exploit code is likely in the wild. The update disables by default the ability to open PowerPoint 4.0 file formats in Microsoft Office PowerPoint 2000 and Microsoft Office PowerPoint 2002. Later versions of PowerPoint already have been disabled. Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, Open XML File Format Converter for Mac, Microsoft Works 8.5 and Microsoft Works 9.0 will be released when testing is complete, Microsoft said.
Tas Giakomuniakis, CTO at vulnerability management vendor Rapid7, pointed out that most of the flaws were reported to Microsoft by researchers working through the iDefense and TippingPoint vulnerability acquisition programs, highlighting the increased value of vulnerabilities and the amount of effort required to find them.
"The large number of vulnerabilities in PowerPoint is not that surprising, considering the immense attack surface and poor code quality of the legacy file format parsers in Microsoft Office," he said in a statement.
Other patching experts said that popular applications like Adobe Reader, Microsoft Word, Excel and PowerPoint have been the consistent choice of attackers. The flaws could be exploited by simply tricking a user into opening a malicious file or clicking on a malicious link. Ultimately, the flaws open a door to other malware that steal sensitive information on victim's machines.