14 DAY TRIAL // With another Vista interim just released and racing to meet an August 31 deadline for the Release Candidate 1, Microsoft has announced that it will not issue a patch for the PowerPoint vulnerability exploited in Zero-day attacks just last week, until August 8.
The vulnerability in the MSO.DLL library file was already exploited via the Trojan.PPDDropper.B, and the backdoor Backdoor.Bifrose. Several security companies including Symantec and Sophos have warned that compromised computers could allow for remote access and remote code execution ranking the vulnerability as critical.
In this regard, Microsoft has warned its customers to steer clear of PowerPoint files attached to e-mails that have unidentified sources. The Redmond Company also stated that a security patch will be released earlier than August 8 if exploits will come to a level where a security update will be mandatory. On August 8, Microsoft has scheduled its monthly release of security updates.
"In order for this attack to be carried out, a user must first open a malicious PowerPoint document attached to an e-mail or otherwise provided to them by an attacker," Microsoft said, adding that it "is concerned that new reports of a vulnerability in PowerPoint were not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities."