Commentary

George Hulme
 

Hackers Targeting Microsoft Zero-Day Excel Flaw: Microsoft Offers Kludgey Fix

Late yesterday, Microsoft confirmed in a security advisory (947563) that hackers are targeting a significant vulnerability in multiple versions of Excel. The vulnerability appears to be a previously unknown zero-day, and a successful attack could result in various levels of control over the affected system -- depending on how user rights have been configured.

Late yesterday, Microsoft confirmed in a security advisory (947563) that hackers are targeting a significant vulnerability in multiple versions of Excel. The vulnerability appears to be a previously unknown zero-day, and a successful attack could result in various levels of control over the affected system -- depending on how user rights have been configured.As is the case with most flaws in Microsoft Office, attacks typically come in the form of a maliciously crafted e-mail attachment or downloadable file on a Web site.

The company is suggesting users running Office 2003 SP 2 use the Microsoft Office Isolated Conversion Environment (MOICE) to convert documents to the new Office open XML format.


More Security Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>

That means, the best options for you is caution when opening Excel files from ... anyone. These types of attacks, targeting client software and file formats, have been on the rise in recent years. They've included everything from PDF files to Word documents and PowerPoint presentations. And as it's already been said many times: don't open attachments (never, ever) from unknown sources. For the next few weeks it's a great idea to actually check with friends and co-workers that they actually sent you that Excel file to review.

According to the software company, the flaw may only affect users running Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for Mac.

So far, users of Excel 2007 or those running the just released Excel 2008 for the Mac are not vulnerable. Neither is anyone running Microsoft Office Excel 2003 Service Pack 3.

The security advisory is available here. Hopefully, an actual patch will be available soon.


Related Reading




Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

InformationWeek encourages readers to engage in spirited, healthy debate, including taking us to task. However, InformationWeek moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. InformationWeek further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
T-Shirt Giveaway T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting!
Subscribe to RSS

Resource Links