Microsoft Dismisses PowerPoint Zero-Day Warning
Modernizing Authentication — What It Takes to Transform Secure Access
Microsoft is pouring cold water on a warning from anti-virus vendor Trend Micro that a new PowerPoint zero-day attack is under way.
The Trend Micro warning, first issued Aug. 19, said that a specially crafted ".ppt" file was being used to exploit an undocumented PowerPoint vulnerability.
The Japanese anti-virus company said it received a sample of the file Aug. 17, less than two weeks after Microsoft shipped a security update to fix a PowerPoint flaw.
However, according to Stephen Toulouse, a program manager in the MSRC (Microsoft Security Response Center), the vulnerability has already been resolved by an update.
"Our initial investigation is that this is not a new zero-day at all," Toulouse said in an e-mail exchange with eWEEK.
The Trend Micro warning, which was posted without any communication with Microsoft, caught the MSRC off guard, Toulouse said.
"Usually, we receive communication from the [anti-virus] partners prior to going public so that we can confirm," he said.
In this case, Toulouse said the MSRC reached out to Trend Micro for a sample of the malware file to verify whether it was indeed exploiting an unpatched issue.