The vulnerability lies in a component of PowerPoint and, when exploited, can allow an attacker to remotely install malware on the targeted system.
The vulnerability is rated as 'critical' for Office 2000 and 'important' for Office XP, 2003 and 2007 as well as the PowerPoint viewer and the Office Compatibility pack.
Microsoft first gave word of the flaw in early April when it issued a warning that the vulnerability was being actively targeted in the wild by malware writers.
Many had expected the flaw to be patched by Microsoft during last month's Patch Tuesday release. When the update was released without a patch, some experts began to worry that leaving the flaw unpatched was putting users at a high risk for infection.
According to Microsoft's advance notice, the PowerPoint flaw is set to be the only patch released this month, sparing users and administrators from having to update Windows or Internet Explorer.
The May update is expected to be released May 12.
Updates typically arrive by early afternoon US Pacific time.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
