New PowerPoint bug, or not?
Update For the last months new vulnerabilities in Microsoft Office have surfaced right after Patch Tuesday. This month many security watchers were on the lookout again. The alarm was sounded over the weekend, but it looks like a false, or at least premature alarm.
"I would be the traffic cop who says move along now, nothing to see here," said David Perry, a spokesman for security company Trend Micro. "I would put this down as a false alarm."
Over the weekend, Trend Micro published an advisory on its Web site warning of a new Trojan horse called "MDROPPER.BH." The pest would arrive in a specially crafted PowerPoint file and attempt to exploit an "unknown system vulnerability," Trend Micro wrote.
That could be read as if there is a new security hole in PowerPoint that is being exploited by malicious software. (And some online news outlets saw it that way.) But that's not how Trend Micro meant it, Perry said.
"We never said it used a new vulnerability, we said it used an unknown vulnerability, not an undisclosed vulnerability," he said.
Microsoft also does not believe a new flaw in its products has been uncovered. "MicrosoftÂ’s initial investigation has revealed that this is not a new zero-day vulnerability," a company representative said in a statement.
Trend Micro has now run the sample of the Trojan horse through numerous tests and concluded that it doesn't work. "We can't get it to work on any version of Windows," Perry said.
Furthermore, analysis shows that whoever crafted the Trojan horse was not looking to exploit a new flaw in PowerPoint. Instead, it looks like the attacker intended to break in through a flaw Microsoft issued a patch for back in March with security bulletin MS06-12.
"It doesn't look like they were trying to exploit a new bug," Perry said. "It looks very similar to MS06-12."
Even though this was a false alarm, that doesn't mean there won't be any new pests that creep in through Office holes, Perry said. "A newer variant might actually work," he said.
Update: Added Microsoft statement at 6.39pm.