PowerPoint Attacks Use Old Bug, Not New Flaw

Microsoft now says a recently spotted bug in PowerPoint may not be a new bug at all. Rather, it leverages a previously fixed vulnerability.

Gregg Keizer, Contributor

August 24, 2006

1 Min Read
InformationWeek logo in a gray background | InformationWeek

A bug in Microsoft's PowerPoint presentation maker that security researchers thought was brand new is not, Microsoft now says.

Earlier this week, several security vendors reported that PowerPoint, which was struck by exploits in July that leveraged an unpatched bug, contained another "zero-day" vulnerability which could be used in attacks against PCs. (One of the 12 security bulletins released Aug. 8 fixed the flaw that led to the July attacks.)

Nope, Microsoft said Wednesday in an entry on the company's security research center (MSRC) blog.

"This is NOT a zero day," wrote a member of the MSRC operations team identified only as "Scott." "Malware in the malicious .ppt leverages a previously fixed vulnerability in Microsoft Office to drop the payload," he added.

Oddly enough, the MSRC did not identify the patch that plugs the hole which a pair of new Trojan file droppers had used this weekend to attack Microsoft Office installations. Symantec, however, named the patch as MS06-012, which was released in March.

"After the MS06-012 patches are applied, the exploit no longer crashes Office," Symantec announced in an alert issued to customers of its DeepSight threat network. "We strongly encourage system administrators to ensure that the patches supplied in MS06-012 have been applied to all affected systems."

About the Author

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights