No patch, just a crash for Microsoft PowerPoint flaw

By
Follow google news

One the eve of another Patch Tuesday, Microsoft revealed some good news Friday when engineers reported that a PowerPoint flaw revealed last month cannot be exploited for remote code execution.


Instead of being classified as a security vulnerability capable of compromising a user's system, the bug can only cause a PowerPoint 2003 crash and will not require a patch, according to two engineers, part of the Secure Windows Initiative team, who posted late Friday on the Microsoft Security Response Center blog.

"The PowerPoint team has developed a fix for this bug, and it will go into the next available ship vehicle for PowerPoint," the post said.

Vulnerability monitoring firm Secunia, which first labeled the flaw "highly critical" in response to Microsoft's initial advisory in early October, has downgraded the rating to "not critical."

"Originally, Microsoft stated, contrary to Secunia's internal findings, that successful exploitation could allow execution of arbitrary code," Secunia's updated advisory said. "However, Microsoft has now officially retracted this statement and concludes in thread with Secunia that it's only possible to crash the application."

The vulnerability is caused by dereferencing, or accessing the value that a reference refers to, a NULL pointer while processing a malformed PowerPoint file.

Click here to email Dan Kaplan.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
crashflawforjustmicrosoftnopatchpowerpointsecurity

Sponsored Whitepapers

5 reasons to adopt a mobile first security strategy
5 reasons to adopt a mobile first security strategy
Uncomplicate IT Service Delivery with AI Agents
Uncomplicate IT Service Delivery with AI Agents
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Fintech compliance made fast and secure
Fintech compliance made fast and secure
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide

Events

Most Read Articles

Australia's critical infrastructure security laws "toothless"

Australia's critical infrastructure security laws "toothless"
"CanisterWorm" supply chain malware attacks npm

"CanisterWorm" supply chain malware attacks npm
Gov proposes disclosure delay for most serious cyberattacks

Gov proposes disclosure delay for most serious cyberattacks
US regulator bans imports of new foreign-made routers

US regulator bans imports of new foreign-made routers
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?