The sole Microsoft patch fixes a “critical” flaw in PowerPoint. “Critical” means it’s a big deal. In this case, opening a maliciously crafted PowerPoint presentation could allow an attacker to execute code remotely on a victim’s computer. All versions of PowerPoint released in the past 10 years are vulnerable to this one.

Adobe is patching Reader/Acrobat to fix yet another problem associated with embedded JavaScript. This issue, as well as a work-around, was discussed in an earlier post here.

You can safely assume that the bad guys, knowing that people are often sloppy about security updates, will try to take advantage of both vulnerabilities. The Adobe Reader bug will likely be the primary target. Almost everyone has Adobe Reader installed on their computer and most folks are used to encountering PDF files on web sites.

Be careful out there.

All major antivirus vendors should have protection in place by now. Still, the usual caution applies: Do not open any file from an untrusted source. Ever.

Here are the high points:

• Office 2007 is unaffected. Earlier versions are vulnerable (Office 2003, Office XP, Office 2000).
• Office 2004 for the Mac is vulnerable; Office 2008 for Mac is safe.
• The PowerPoint Viewer is not vulnerable.
• Microsoft is working on a patch for this issue.

Further reading: The Register posted a good overview this morning. Also, check out Microsoft’s official security advisory.