Microsoft has pointed out that another piece of malicious code has appeared on the Internet that can be used to attack computers with PowerPoint files.
Microsoft released its October security bulletins last Tuesday. These have resolved a total of twenty-six vulnerabilities in Windows, Office suites, and the .Net framework. The company has classified a significant portion of the patched security vulnerabilities as critical vulnerabilities.
However, Microsoft security professionals and developers could not rest much, as a few days after the October releases came out, another dangerous vulnerability was discovered, this time affecting the 2000, 2002, and 2003 versions of PowerPoint software. Security firm Secunia also investigated the security flaw and found it to be critically hazardous. One of the main reasons for this is that the code needed to exploit the vulnerability has become available on the Internet.
According to Microsoft, the PowerPoint vulnerability could be used to perform malicious actions on affected computers. The vulnerability could cause problems when opening specially crafted PowerPoint files. Alexandra Huft, a Microsoft expert, said in a statement that no attack has been reported so far that has exploited this vulnerability. Microsoft recommends that you open PowerPoint files only from trusted sources.
It has become almost a tradition for more and more dangerous vulnerabilities to be discovered within a few days of the release of Microsoft's bug fixes on Tuesday. Johannes Ullrich, a specialist at the SANS Institute, said that in recent months, it has been observed that attackers wait for Microsoft security bulletins to appear and only then make their malicious code available.
