Discovered on July 12, a serious flaw in Microsoft’s PowerPoint software remained unpatched by the Redmond giant until yesterday.
As we reported about 3 weeks ago, Internet security companies warned about a vulnerability that had been discovered at that time in PowerPoint and that allowed an attacker to gain complete control over a vulnerable PC. Microsoft responded with the rather surprising answer that the security flaw has an extremely limited effect.
Later, Microsoft published an advisory on its website, informing users about the exploit and its “limited” effects. It also scheduled a fix for Tuesday, August 8 “or earlier if required”. It looks like, in the end, Microsoft didn’t consider it necessary to issue a fix before August 8, and everybody waited patiently (or not) for the fix.
Microsoft kept its promise and yesterday, August 8, issued a series of new security updates for Microsoft Windows and Microsoft Office products. Nine of the vulnerabilities addressed by the patches are categorized as critical, including the flaw in Microsoft PowerPoint that, in the meantime, has already been exploited by Chinese hackers.
27 days passed between Microsoft declaring the flaw to have “an extremely limited effect” and finally issuing the fix, which suddenly transformed the vulnerability into a “critical” one.
27 days is more than enough time for hackers and spammers to steal and distribute the email addresses of unsuspecting victims trying to understand some of the ancient Chinese wisdom about love, as this is what the PowerPoint exploit claimed to offer. So next time you receive a spam email, you know what a possible cause could be.
Tags: Microsoft, PowerPoint, security, exploit, vulnerability, flaw