Microsoft has issued its May 2011 “Patch Tuesday” pack of security updates, and although it’s nothing like as big the Godzilla-sized bundle of vulnerability fixes we saw last month, there’s still good reason for both Windows and Mac users to sit up and pay attention.
First up is a critical vulnerability in WINS (the Windows Internet Name Service). According to Microsoft, the WINS vulnerability could allow malicious code to be run on a computer, or a worm to spread, without user interaction.
The good news is that WINS is not installed by default on affected operating systems, and so only users who have manually installed WINS are potentially at risk.
The second security bulletin from Microsoft concerns Microsoft PowerPoint, and this is why it’s not just Windows users who have to pay attention.
According to the firm, two vulnerabilities have been discovered in PowerPoint that means that attackers could run malicious code on your computer if they trick you into opening a boobytrapped presentation file. This would give the remote hacker’s code the same user rights as the logged-in user.
Microsoft’s advisory on the PowerPoint security vulnerabilities, rates the issue as “important”, and notes that users of Microsoft PowerPoint 2002, Microsoft PowerPoint 2003, Microsoft PowerPoint 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac are at risk.
However, it’s bad news if you’re a user of one of these Mac versions of Office as Microsoft does not have a fix for you.
Yuck. The risk is that cybercriminals will reverse engineer the fix for the Windows version of PowerPoint, and use the information they discover to exploit the vulnerability on Apple Mac versions.
Once again, Mac users are being left in the lurch and have to cross their fingers that malicious hackers don’t attempt to exploit the vulnerability. Fortunately the latest version of Microsoft Office for Mac (2011) is reportedly not affected by the security holes – but many users won’t have bothered to pay for that upgrade.
You can learn more and read Microsoft’s May 2011 security summary on their website.
For a complete view of the threat landscape and the trends we are seeing in SophosLabs, download our 2011 Threat Report.