Microsoft Dismisses PowerPoint Zero-Day Warning

Microsoft is pouring cold water on a warning from anti-virus vendor Trend Micro that a new PowerPoint zero-day attack is under way.

The Trend Micro warning, first issued Aug. 19, said that a specially crafted ".ppt" file was being used to exploit an undocumented PowerPoint vulnerability.

The Japanese anti-virus company said it received a sample of the file Aug. 17, less than two weeks after Microsoft shipped a security update to fix a PowerPoint flaw.

However, according to Stephen Toulouse, a program manager in the MSRC (Microsoft Security Response Center), the vulnerability has already been resolved by an update.

"Our initial investigation is that this is not a new zero-day at all," Toulouse said in an e-mail exchange with eWEEK.

Click here to read more about a recent PowerPoint zero-day attack.

The Trend Micro warning, which was posted without any communication with Microsoft, caught the MSRC off guard, Toulouse said.

"Usually, we receive communication from the [anti-virus] partners prior to going public so that we can confirm," he said.

In this case, Toulouse said the MSRC reached out to Trend Micro for a sample of the malware file to verify whether it was indeed exploiting an unpatched issue.

After receiving a sample, Toulouse said Trend Micro's zero-day claim was incorrect.

According to Trend Micro, the double-barreled attack includes the use of TROJ_MDROPPER.BH, a Trojan dropper that exploits a PowerPoint bug.

Once executed, the malware drops another file on the infected machine which has been identified as TROJ_SMALL.CMZ.

Trend Micro said the second file, when executed, waits for an active Internet connection and attempts to access certain URLs to download and execute possibly malicious files on the affected system.

Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.