Symantec, McAfee agree Microsoft PowerPoint vulnerability was patched

Two leading anti-virus firms that had been debating the existence of an unpatched Microsoft PowerPoint vulnerability now both agree the hole was sealed in Redmond's security update on Tuesday.

Symantec initially released an advisory on Tuesday describing Trojan.PPDropper.G, which the security company said attempts to take advantage of "a previously unknown vulnerability in Microsoft PowerPoint to drop other threats on a compromised computer."

The SANS Internet Storm Center lists the PowerPoint hole as a "missing" Microsoft fix and ranks its potential effect on clients as "critical."

McAfee Avert Labs’ Craig Schmugar, meanwhile, said testing determined that the PowerPoint flaw was fixed when Microsoft released bulletin MS07-015 on Tuesday. That patch also addressed an Office zero-day exploit reported on Feb. 2.

"This testing suggests Trojan.PPDropper.G may in fact be a PowerPoint version of the Office zero-day exploit (targeting Excel)," Schmugar said.

This afternoon, Symantec admitted "this threat will not execute on computers that have installed the update" from Microsoft.

A Microsoft spokesman told SCMagazine.com today that the software giant agreed with McAfee's original assessment and encouraged users to enable their machines to receive automatic updates.

In total, Tuesday’s release by Microsoft addressed eight vulnerabilities in versions of Office, Word, Excel and PowerPoint. At least six were being actively exploited.
