Patch/Configuration Management, Vulnerability Management

No new PowerPoint flaws to report, says Microsoft

There is no new, recently discovered but unpatched flaw in Microsoft's popular PowerPoint presentation program, the company said today after completing an investigation.

An initial inquiry by Redmond, Wash.,-based Microsoft revealed that there is no new zero-day vulnerability in the Microsoft Office program, according to a Microsoft spokesman who had consulted with Microsoft Security Response Center representatives.

Microsoft has been fending off exploits for a flaw in Office since its 12-fix Patch Tuesday release earlier this month.

Trend Micro released an advisory over the weekend detailing an exploit that takes advantage of an unknown flaw for PowerPoint.

Redmond is working with other members of the Microsoft Security Response Alliance to further investigate flaws in PowerPoint, the spokesman said.

In an advisory released over the weekend, Trend Micro said it received samples late last week of a trojan - dubbed TROJ_MDROPPER.BH - that exploits the flaw. The anti-virus vendor rated the malware's risk "low" with "medium" damage potential.

The trojan arrives as a PowerPoint file and must be downloaded by an unsuspecting user or downloaded by other malware. Once downloaded, the trojan drops randomly named malicious executable files into the Windows temporary folder.

To contact online editor Frank Washkuch Jr., click here.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.