Microsoft's solo patch for PowerPoint should not be seen as a light load.
Andrew Clarke, senior vice president, international at Lumension Security, claimed that the fix for both a zero-day flaw and 13 other privately reported security vulnerabilities is welcomed, although it should be seen as an opportunity to patch other applications.
Clarke said: “What is important for IT administrators to understand is that May's Patch Tuesday isn't just about patching Microsoft's single patch, but rather fixing other security flaws that are non-MS related in order to stay current and patched. In addition to Microsoft, other vendors including Google, F-Secure, Adobe, HP, Symantec and Mozilla (to name a few) released a slew of patches for popular software applications.
“It is important to remember that historically, popular applications and files like Adobe PDF files or Word, Excel or PowerPoint files have been great vehicles for targeted attacks because those attachments are so socially acceptable and are simply expected attachments within corporate email.”
Clarke further claimed that it is easy to get lulled into a false sense of security until you dig into the details and look at the bigger picture. He encouraged security managers to get their ‘head out of the sand and do a full inventory and assessment of their IT assets (applications and operating systems)'.
“By doing so, you can check on the latest security vulnerabilities that need to get addressed within your IT environment and apply remediation as soon as they are released by the vendor. In order to stay current and secure, always keep your eye on the latest fixes that are being released not just by Microsoft, but other security vendors that are applicable to your environment”, said Clarke.
Speaking on the patch itself, Eric Schultze, CTO of Shavlik Technologies, claimed that it is a ‘client side' patch due to it only attacking a machine once a user has taken an action on their computer. He said that a typical client-side action may include opening malicious documents, reading an evil email, or viewing an evil web page, attacks that are usually constrained to systems where a user is interactively working on the desktop.
Schultze said: “Based on these definitions, today's PowerPoint release addresses a client-side vulnerability. Its attack vector is dependent upon a user performing an action. As a result, we won't see rapid propagation of infected systems through this vector (though once a machine is infected, it could launch other attacks using worm-like server side attack mechanisms such as Conficker).
“Best to patch your client-side systems (where users interact with the desktop) for this issue first, then patch any servers where PowerPoint products may be installed.”