Microsoft is planning to issue a single security bulletin next week as part of its monthly Patch Tuesday update cycle. The fix addresses a critical vulnerability in PowerPoint that has been “actively exploited” since last month, affecting several versions of the program from Office 2000 all the way up to Office 2007 – a previous description included Office 2004 for Mac but it was not mentioned in this bulletin.
The exact nature of the issue will be disclosed next week, but reports suggest this is another ‘malformed document causes buffer overflow with potential remote code execution’ problem. The single update represents a big drop from April, when the company issued eight updates that patched 23 vulnerabilities.
While no other vulnerability patches are planned, Microsoft did say that it would be releasing an updated version of its Windows Malicious Software Removal Tool as well as a number of other non-security updates for Microsoft .NET Framework 1.1 Service pack 1, Microsoft .NET Framework 3.5 Service Pack 1 and .Net Framework 3.5 Family and Windows PowerShell 1.0 for Vista.