Archive for May 14th, 2009


May 14
by Ailene Dela Rosa (Technical Communications)

On Tuesday, Microsoft finally released the patch for the PowerPoint vulnerability that cybercriminals exploited early last month. The update patches 14 Microsoft PowerPoint vulnerabilities, 11 of which were rated critical, Microsoft’s highest threat ranking. It provides fixes for some versions of Microsoft Office, including 2000, XP, 2003 and 2007.

However, this batch of patches does not address Office 2004 and 2008 on Macs, which suffer from the same vulnerabilities. According to the Microsoft Security Bulletin MS09-017, the updates for Mac are “still in development.”

This update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. This vulnerability was exploited to full effect when cybercriminals crafted PowerPoint files and sent them to unsuspecting users. These files, when opened, drop a couple of malware files (KUPS variants) that perform several suspicious activities, including sending a list of the PC’s contents to a certain IP address.

Users are strongly advised to update their systems with this latest patch immediately. Moreover, until Microsoft issues a security fix for Mac versions of Office, Mac users are encouraged to exercise caution when opening PowerPoint files that come from doubtful sources, especially spam messages and online downloads. Trend Micro Smart Surfing for Mac blocks IMs and email links that lead to malware that attempts to exploit these vulnerabilities.


OfficeScan users with Intrusion Defense Firewall plugin installed are protected from this threat if they have updated to the latest filters (IDF09014).


 

May 14
by Alice Decker (Advanced Threats Researcher)

AMTSO

Last week, the Anti-Malware Testing Standards Organization, or AMTSO, held its second members’ meeting this year in Budapest, Hungary, as an extension to the CARO Workshop. AMTSO released new papers on its website, adding to its roster of documents regarding the organization’s principles and guidelines on testing.

Trend Micro has been constantly and actively present since the meetings began. This month, AMTSO is celebrating its first anniversary, and as a small treat for our readers, I would like to highlight one of the organization’s motivations.

Compared to today’s threat landscape, I like to assume that prior to 2005, the antivirus industry had a “relaxed” life. Signatures for malware were meticulously developed and updated on a regular basis, while heuristics and generic detections were considered an engine’s technical high point. Antivirus testers are sometimes individuals but more likely companies or global computer magazines, such as PC World, that proof and evaluate programs or suites designed to protect against malware. Their life prior to the “Threat Big-Bang” can also be considered relatively relaxed. This is because tests were done using one core module: the virus scanner. Evaluation was easy, and it was normally based on scan results, mostly triggered on-demand.

Cyber evolution and the Internet’s lack of regulations facilitated the “Threat Big-Bang,” in which (1) within a span of just four years, the volume of malware increased to 2,500 percent; (2) the Web became the most used platform for scams against physical and digital persons; and (3) software vendors and the antivirus industry identified the trend and began to redesign and rethink their services to keep the high quality of the security they provide.

Word has it that at the testers’ camp, the evaluation of the protection against cyber threats is still sometimes limited since results are solely delivered by the virus scanner module while other modules are either ignored or misinterpreted.

Trend Micro OfficeScan has a total of nine core modules, including the traditional virus scanner.

Notice that nowadays the top 20 virus scanners have an on-demand detection rate placed between 90 and 99 percent—when five years ago the range began at around 70 percent. However, this is only one module out of the many that assures protection under given circumstances.

To address individual concerns from vendors and testers, these groups have decided to come to the same table and work together to support customers instead of confusing them with scientific debates.

AMTSO is now an established platform where testers and vendors can come together to inform, learn, exchange experiences, deliberate, and agree on best practices for testing whole products, modules or features in a fair way. And this sense of impartiality has one single common denominator: the protection against fraud on data and identity.

Happy Birthday, AMTSO!

 


© Copyright 2010 Trend Micro Inc. All rights reserved.