Symantec, McAfee agree Microsoft PowerPoint vulnerability was patched

By
Follow google news

Two leading anti-virus firms, who were debating the existence of an unpatched Microsoft PowerPoint vulnerability, now both agree the hole was sealed in Redmond's security update on Tuesday.


Symantec initially released an advisory on Tuesday describing Trojan.PPDropper.G, which the security company said attempts to take advantage of "a previously unknown vulnerability in Microsoft PowerPoint to drop other threats on a compromised computer."

The SANS Internet Storm Center lists the PowerPoint hole as a "missing" Microsoft fix and ranks its potential effect on clients as "critical."

McAfee Avert Labs’ Craig Schmugar, meanwhile, said testing determined that the PowerPoint flaw was fixed when Microsoft released bulletin MS07-015 on Tuesday. That patch also addressed an Office zero-day exploit reported on Feb. 2.

"This testing suggests Trojan.PPDropper.G may in fact be a PowerPoint version of the Office zero-day exploit [targeting Excel]," Schmugar said.

"Symantec has admitted "this threat will not execute on computers that have installed the update" from Microsoft.

A Microsoft spokesman told SCMagazine.com today that the software giant agreed with McAfee's original assessment and encouraged users to enable their machines to receive automatic updates.

In total, Tuesday’s release by Microsoft addressed eight vulnerabilities in versions of Office, Word, Excel and PowerPoint. At least six were being actively exploited.

Click here to email reporter Dan Kaplan.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
mcafeemicrosoftpatchedpowerpointsecuritysymantecvulnerabilitywas

Sponsored Whitepapers

Build the Infrastructure for Your AI Revolution
Build the Infrastructure for Your AI Revolution
2026 Engineering Reality Report
2026 Engineering Reality Report
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats
Optus Enterprise Mobility
Optus Enterprise Mobility

Events

Most Read Articles

Commercial spyware targeted Samsung Galaxy users for months

Commercial spyware targeted Samsung Galaxy users for months
Australia's AUKUS base to connect to subsea cables

Australia's AUKUS base to connect to subsea cables
Westpac factors post-quantum cryptography prep into "secure router" rollout

Westpac factors post-quantum cryptography prep into "secure router" rollout
Researcher trawls cybercrime sites, collects billions of stolen credentials

Researcher trawls cybercrime sites, collects billions of stolen credentials
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?