dcsimg
 

Microsoft Dismisses PowerPoint Zero-Day Warning

By Ryan Naraine  |  Print this article Print
 
 
 
 
 
 
 

WEBINAR:
On-Demand

Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers


Microsoft is pouring cold water on a warning from anti-virus vendor Trend Micro that a new PowerPoint zero-day attack is under way.

Microsoft is pouring cold water on a warning from anti-virus vendor Trend Micro that a new PowerPoint zero-day attack is under way.

The Trend Micro warning, first issued Aug. 19, said that a specially crafted ".ppt" file was being used to exploit an undocumented PowerPoint vulnerability.

The Japanese anti-virus company said it received a sample of the file Aug. 17, less than two weeks after Microsoft shipped a security update to fix a PowerPoint flaw.

However, according to Stephen Toulouse, a program manager in the MSRC (Microsoft Security Response Center), the vulnerability has already been resolved by an update.

"Our initial investigation is that this is not a new zero-day at all," Toulouse said in an e-mail exchange with eWEEK.

Click here to read more about a recent PowerPoint zero-day attack.

The Trend Micro warning, which was posted without any communication with Microsoft, caught the MSRC off guard, Toulouse said.

"Usually, we receive communication from the [anti-virus] partners prior to going public so that we can confirm," he said.

In this case, Toulouse said the MSRC reached out to Trend Micro for a sample of the malware file to verify whether it was indeed exploiting an unpatched issue.

After receiving a sample, Toulouse said Trend Micro's zero-day claim was incorrect.

According to Trend Micro, the double-barreled attack includes the use of TROJ_MDROPPER.BH, a Trojan dropper that exploits a PowerPoint bug.

Once executed, the malware drops another file on the infected machine which has been identified as TROJ_SMALL.CMZ.

Trend Micro said the second file, when executed, waits for an active Internet connection and attempts to access certain URLs to download and execute possibly malicious files on the affected system.

Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.

 
 
 
 
 
 
 
 
 
























By submitting your information, you agree that channelinsider.com may send you channelinsider offers via email, phone and text message, as well as email offers about other products and services that channelinsider believes may be of interest to you. channelinsider will process your information in accordance with the Quinstreet Privacy Policy.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
























By submitting your information, you agree that channelinsider.com may send you channelinsider offers via email, phone and text message, as well as email offers about other products and services that channelinsider believes may be of interest to you. channelinsider will process your information in accordance with the Quinstreet Privacy Policy.

 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date