A new zero-day vulnerability appears in PowerPoint

Just a few days after Microsoft released 26 patches this month (of which 16 for Office), Synmantec confirmed on Friday that a new zero-day vulnerability has emerged in the presentation software. PowerPoint.

A mining database site has successfully launched a new attack on PowerPoint2003, even though the application is updated with the latest 4 Tuesday patches. This vulnerability is named 'milw0rm'.

Synmantec warns this vulnerability will start for many scale destructive attacks on PowerPoint. The company informs its customers on the alert system DeepSight: ' We have not seen this vulnerability activate the executable code, but that capability is not completely removed. We have checked and found that it currently works in the form of an advertising spread . ' Security experts rated the new gap as 'serious', ranking second in the most dangerous warnings.

Microsoft noted that the vulnerability could be spread through "bad" PowerPoint files. On Thursday, the company's security team announced that it had identified the source code and was investigating.

' So far we have not received any feedback from users that they have been attacked through a new vulnerability, ' Alexandra Huft, security program manager in Microsoft's Security Response Center wrote on. group blog . ' We are currently working with our partners in the MSRA team (Microsoft Security Response Alliance) to monitor and protect the user community '.

New year 2006 is in October, but Microsoft has released 44 patches, nearly the same as last year. Eight of the 44 patches are for PowerPoint. Nearly two months from the end of the year, let's wait and see if the online community has discovered any more interesting points from Microsoft applications and how many more patches it has to release.

T.Thu