PowerPoint Attacks Use Old Bug, Not New Flaw

Filed under: — By Aviran Mordo @ 10:17 am

A bug in Microsoft’s PowerPoint presentation maker that security researchers thought was brand new is not, Microsoft now says.

Earlier this week, several security vendors reported that PowerPoint, which was struck by exploits in July that leveraged an unpatched bug, contained another “zero-day” vulnerability which could be used in attacks against PCs. (One of the 12 security bulletins released Aug. 8 fixed the flaw that led to the July attacks.)

Nope, Microsoft said Wednesday in an entry on the company’s security research center (MSRC) blog.

“This is NOT a zero day,” wrote a member of the MSRC operations team identified only as “Scott.” “Malware in the malicious .ppt leverages a previously fixed vulnerability in Microsoft Office to drop the payload,” he added.

Source: InformationWeek


Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress