No patch, just a crash for Microsoft PowerPoint flaw

By
Follow google news

One the eve of another Patch Tuesday, Microsoft revealed some good news Friday when engineers reported that a PowerPoint flaw revealed last month cannot be exploited for remote code execution.


Instead of being classified as a security vulnerability capable of compromising a user's system, the bug can only cause a PowerPoint 2003 crash and will not require a patch, according to two engineers, part of the Secure Windows Initiative team, who posted late Friday on the Microsoft Security Response Center blog.

"The PowerPoint team has developed a fix for this bug, and it will go into the next available ship vehicle for PowerPoint," the post said.

Vulnerability monitoring firm Secunia, which first labeled the flaw "highly critical" in response to Microsoft's initial advisory in early October, has downgraded the rating to "not critical."

"Originally, Microsoft stated, contrary to Secunia's internal findings, that successful exploitation could allow execution of arbitrary code," Secunia's updated advisory said. "However, Microsoft has now officially retracted this statement and concludes in thread with Secunia that it's only possible to crash the application."

The vulnerability is caused by dereferencing, or accessing the value that a reference refers to, a NULL pointer while processing a malformed PowerPoint file.

Click here to email Dan Kaplan.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
crashflawforjustmicrosoftnopatchpowerpointsecurity

Sponsored Whitepapers

Fintech compliance made fast and secure
Fintech compliance made fast and secure
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
2025 Security operations insights: Three-quarters of security leaders need something new in SIEM
2025 Security operations insights: Three-quarters of security leaders need something new in SIEM
Sumo Logic named in the 2025 Gartner Critical Capabilities for Security Information and Event Management (SIEM)
Sumo Logic named in the 2025 Gartner Critical Capabilities for Security Information and Event Management (SIEM)
The cloud tipping point
The cloud tipping point

Events

Most Read Articles

Researchers detail Bluetooth headphone attack that can hijack smartphones

Researchers detail Bluetooth headphone attack that can hijack smartphones
Patients fret as ManageMyHealth data breach drama plays out

Patients fret as ManageMyHealth data breach drama plays out
Chinese cyberattacks on Taiwan infrastructure averaged 2.6 million a day in 2025

Chinese cyberattacks on Taiwan infrastructure averaged 2.6 million a day in 2025
Telstra used ConnectID impermissibly for months

Telstra used ConnectID impermissibly for months
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?