Is there a worse IT job in the world than being a Microsoft security fixer-upper? First, you have to deal with the fact that Windows itself is insecure by design. That’s bad enough. But, then when you do get something right, like this week’s Patch Tuesday pack of patches, you’re hit on the same day with a new and major Internet Explorer zero day security hole!
First, the good news. The big news in this latest lot of patches is that several significant security holes in Excel were fixed. Having been in offices where Excel spreadsheets flew back and forth over e-mails faster than cars passing someone going 55MPH on the interstate this is a good thing. Sneaking malware into documents and spreadsheets isn’t as common as it once was, but it’s still common enough that making Excel a wee bit more secure counts as a must upgrade in my book.
Then, on the moderately bad news side, Microsoft elected not to fix a bug in an add-on to PowerPoint. The specific problem was in Producer 2003, a PowerPoint 2002 and PowerPoint 2003 add-on that allows them to play .mswmm (Windows Movie Maker Project) movies and animations.
Jerry Bryant, a senior manager for the MSRC (Microsoft Security Response Center) explained that Producer 2003 wasn’t fixed because, “Our standard approach is to produce updates that can be deployed automatically for all affected products at the same time but Producer 2003 does not offer a means for automatic update.”
So what is the answer if you’re one of the few people using Producer 2003? I quote Mr. Bryant, “uninstall the application.” That will go over well.