MS: PowerPoint Flaw Already Fixed
Microsoft is publicly downplaying the risk of an alleged zero-day exploit announced earlier this week for PowerPoint. Security officials from the Redmond company say the vulnerability the exploit affects was already patched.
"Our investigation has proven thus far that customers who are up to date with Office security updates are NOT affected. Meaning this is NOT a zero day. Malware in the malicious .ppt leverages a previously fixed vulnerability in Microsoft Office to drop the payload," said Scott from Microsoft's Security Response Center. "To be attacked and become infected requires a user to open the malicious .ppt file on a system that doesn’t have the latest Office security updates."