Microsoft Dismisses PowerPoint Zero-Day Warning

By Ryan Naraine  |  Posted 08-21-2006

Microsoft is pouring cold water on a warning from anti-virus vendor Trend Micro that a new PowerPoint zero-day attack is under way.

The Trend Micro warning, first issued Aug. 19, said that a specially crafted ".ppt" file was being used to exploit an undocumented PowerPoint vulnerability.

The Japanese anti-virus company said it received a sample of the file Aug. 17, less than two weeks after Microsoft shipped a security update to fix a PowerPoint flaw.

However, according to Stephen Toulouse, a program manager in the MSRC (Microsoft Security Response Center), the vulnerability has already been resolved by an update.

"Our initial investigation is that this is not a new zero-day at all," Toulouse said in an e-mail exchange with eWEEK.

Click here to read more about a recent PowerPoint zero-day attack.

The Trend Micro warning, which was posted without any communication with Microsoft, caught the MSRC off guard, Toulouse said.

"Usually, we receive communication from the [anti-virus] partners prior to going public so that we can confirm," he said.

In this case, Toulouse said the MSRC reached out to Trend Micro for a sample of the malware file to verify whether it was indeed exploiting an unpatched issue.

Read the full story on eWEEK.com: Microsoft Dismisses PowerPoint Zero-Day Warning