Microsoft fixes bug in Producer software

Microsoft has released a new version of its Producer software, fixing a critical security problem that plagued the product for several months.

Producer is a free add-on tool that helps users capture and add multimedia components to their PowerPoint presentations.

Last March, Microsoft warned of a critical security bug in the product, but it didn't release a new update. Instead, it said that Producer 2003 users should simply uninstall their software. On Monday, however, it posted an update, and is now recommending that "all customers using Producer 2003 upgrade to the new version," according to a blog post from the Microsoft Security Response Center.

Back in March, Microsoft said it was not updating Producer 2003 because it wasn't designed for automatic updates. "Based on our investigation, we determined that the best way to protect the vast majority of customers was to release an update addressing the components that shipped with Windows," Microsoft said in a blog post. "We recommend that customers either uninstall the application or apply an available Microsoft Fix It to disassociate the project file type from the application to add an extra layer of security."

The flaw, which has to do with the way Producer reads certain file formats, also affects Windows Movie Maker. But Microsoft issued a Movie Maker patch when it first warned of the issue in March. A similar product, Windows Live Movie Maker -- which runs on Vista and Windows 7 -- is not affected by the issue.

Microsoft doesn't know of anyone exploiting the bug in online attacks, but it's worried that hackers might be able to use it to install unauthorized software on victims' computers.

"Producer 2003 was a little-known product," said Andrew Storms, director of security operations with security vendor nCircle, via instant message. "What we have is the official replacement for the flawed product."

FREE Computerworld Insider Guide: Five IT certifications that won’t break you
Join the discussion
Be the first to comment on this article. Our Commenting Policies