PowerPoint Trojan: Not Zero DayPowerPoint Trojan: Not Zero Day

The new PowerPoint Trojan that baffled researchers yesterday targets a known vulnerability

Dark Reading logo in a gray background | Dark Reading

Sigh of relief: Researchers concluded this morning that the new PowerPoint Trojan is not a zero day exploit after all.

The so-called Troj_Mdropper.BH (See Trojan May Threaten PowerPoint.) actually exploits a known and patched vulnerability in Office, MS06-012, according to an update on Trend Micro's malware blog today.

The Trojan confounded researchers around the industry yesterday because it didn't display the same behaviors of other malware that goes after the remote-code execution vulnerabilities in Office that were patched in MS06-012. Researchers initially thought it could be targeting a new, unknown vulnerability in Microsoft software and spent most of yesterday and last night testing it out.

"When we put up a statement like it uses 'an unknown vulnerability,' we are in the middle of our investigation and don't know if it is or not yet," says David Perry, global director of education for Trend Micro.

The Trojan's shell code doesn't "manifest" the same behavior as other exploits that target the vulnerability, Trend Micro said in its update.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

About the Author

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with three decades of experience in reporting and editing for various technology and business publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was selected three consecutive times as one of the Top 10 Cybersecurity Journalists in the US, and was named as one of Folio's 2019 Top Women in Media. She has been with Dark Reading since its launch in 2006.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights