By Gregg Keizer , TechWeb Technology News
A day after Microsoft Corp. went out-of-cycle to patch a critical bug in its Internet Explorer browser, a security researcher Wednesday said that Microsoft may have deliberately withheld information on a new unpatched vulnerability in PowerPoint and an ensuing exploit that has launched at least one targeted attack.
Both McAfee Inc. and Symantec Corp. warned of a new unpatched vulnerability in PowerPoint, the presentation maker included with the Microsoft Office application suite. In an alert issued Wednesday to customers of its DeepSight threat system, Symantec said that the exploit -- a Trojan horse it dubbed "PPDropper.f" -- is being used to remotely exploit the bug. An attack, added Symantec's warning, "can result in arbitrary code execution on the victim computer."
Craig Schmugar, a virus researcher with McAfee's Avert Labs, first reported the vulnerability and exploit mid-day Tuesday in an entry on the research team's blog.
In an interview Wednesday, Schmugar said that PowerPoint 2002 (the version included with Office XP) and PowerPoint 2003 are vulnerable. "The vulnerability lets attacks introduce whatever code they want" into the compromised machine.
McAfee's detected two separate threats, although just one exploit. "They're the same exploit, but in two different packages," said Schmugar. An attack adds a backdoor Trojan to the victimized PC that then sends a report of its success to one of multiple remote servers. "The servers aren't responding as of now."
PowerPoint, which like other Office applications such as Word and Excel, has been patched this summer against active exploits, has been attacked by a malicious PowerPoint-formatted document sent to a limited number of users. Symantec said the document, named "FinalPresentationF05.ppt" or "2006-Jane.ppt," triggers the bug, launches the exploit, and loads the backdoor.
More important than the vulnerability itself and the ongoing attack, said Schmugar, is evidence that Microsoft knew of the problem but decided not to share the information with other security researchers.
"Microsoft anti-virus engine is detecting both threats," said Schmugar. Definition updates dated Sept. 23 detect the two as Controlppt.w and Controlppt.x, although the limited information in the Malicious Software Encyclopedia shows dates of Sept. 26 for both.
Try TechWeb's RSS Feed!ISIS Papyrus America seeking Software Pre-Sales Analyst in Southlake, TX
Agilent Technologies seeking Business Manager in Bangalore, IN
Covidien seeking Principal Validation Test in Boulder, CO
T-Mobile seeking Unified Subscriber Database Engr in Bellevue, WA
20th Century Fox seeking Sr. Production Software Engineer in Los Angeles, CA
For more great jobs, career-related news, features and services, please visit our Career Center.
TechWeb's FREE e-mail newsletters deliver the news you need to come out on top.
Get definitions for more than 20,000 IT terms.
Editorial and vendor perspectives
