Microsoft has released a security patch to fix a series of serious flaws in its PowerPoint software - but only in the Windows versions of its Office suite, leaving Mac users to wait for a second release.
While one aspect of the PowerPoint flaw was discovered and made public in early April, Microsoft said on its security site that there were "several privately reported vulnerabilities" as well. There are 14 PowerPoint flaws in total that Microsoft is fixing with the patch.
Because the flaws could allow for remote code execution, Microsoft's has called the patch "critical" - it's highest security rating. Microsoft has previously admitted that the public flaw has already been targeted by hackers.
Among other fixes, the patch removes the ability to convert PowerPoint 4 files, which have effectively been disused since Office 2003, Microsoft said.
The patch is only for Microsoft Office in Windows, however. Microsoft said it will release fixes for the Mac version of the suite as well as for Microsoft Works and the Open XML File Format Converter for Mac as soon as testing is finished.
"We normally do not update one supported platform before another but given this situation of a package available for an entire product line that protects the vast majority of customers at risk within the predictable release cycle, we made a decision to go early with the Windows packages," Jonathan Ness of the Microsoft Security Response Centre said in a blog post.
Unpatched systems can be protected with a workaround, Microsoft said, advising admins to temporarily disable affected file formats or force legacy PowerPoint files to open in an isolated environment.
While the PowerPoint flaw is serious, the single update for this month will give IT admins less work than the eight released last month.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
Beat cyber criminals at their own gameWhitepaper A guide to winning the vulnerability race and protection your organization
-
Same cyberthreat, different storyWhitepaper How security, risk, and technology asset management teams collaborate to easily manage vulnerabilities
-
Three steps to transforming security operationsWhitepaper How to be more agile, effective, collaborative, and scalable
-
Should your business start a bug bounty program?In-depth Big tech firms including Google, Apple and Microsoft offer bug bounty programs, but can they benefit smaller businesses too?
-
Accessing the XDR realmWhitepaper A guide for MSPs to unleash modern security
-
Why zero trust strategies failIn-depth Zero Trust is the gold standard for organizations in protecting systems from cyber attacks, but there are many common implementation pitfalls businesses must avoid
-
Sitecore XP RCE flaw is being actively exploited, ACSC warnsNews The vulnerability was fixed last month but hackers are now moving against patching laggards
