[fooqux]

"On Tuesday, October 14, 2014, iSIGHT Partners – in close collaboration with Microsoft – announced the discovery of a zero-day vulnerability..."

"Over the past 5 weeks, iSIGHT Partners worked closely with Microsoft to track and monitor the exploitation of this vulnerability..."

I'm sorry, I feel you should lose the right to call this a zero day when both you and Microsoft have known not only its existence, but the fact that it's being actively exploited for five freaking weeks. Also, am I the only one that feels this reads as a sensationalist article? I think the phrase "weaponized PowerPoint file" was what ended up pegging my meter, but the fact it's not a worm and barely fits the category of remote code execution helps.

[ColinDabritz]

You are right that the usage of the term is confusing in this context. I think it still communicates two critical aspects: First, this is being exploited right now in the wild (and was when it was discovered it sounds like). Second, your windows machines are almost certainly vulnerable right this moment, and you should update immediately.

Perhaps they could have phrased it more clearly, but considering that it sounds like a full exploit on opening a powerpoint document, some alarm is appropriate.

I also think it was a little brash to name it "Sandworm" when it is not, as far as we know, a worm. It certainly has the potential to be used as the key exploit in a worm though.