Unpatched Excel Flaw Surfaces, Attacks Made - InformationWeek

02:12 PM

Unpatched Excel Flaw Surfaces, Attacks Made

The attack allows hackers to hijack PCs. One user was hit with a targeted attack via malicious Excel spreadsheets attached to e-mail messages, according to a posting on the Microsoft Security Response Center blog.

Hard on the heels of Tuesday's massive security update, Microsoft disclosed on Thursday that an attack is under way that exploits an unpatched bug in the popular Excel software.

The attack allowed hackers to hijack PCs.

According to a posting on the Microsoft Security Response Center blog, one customer was hit with a targeted attack via malicious Excel spreadsheets attached to e-mail messages. The MSRC, however, was skimpy with details.

"Here's what we know: In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an email attachment or otherwise provided to them by an attacker," wrote Mike Reavey, an MSRC program manager. "Note that opening it out of email will prompt you to be careful about opening the attachment. So remember to be very careful opening unsolicited attachments from both known and unknown sources."

Symantec, however, had more information.

The attack is carried out, said the Cupertino, Calif. security company, by the Mdropper.j Trojan horse, which takes advantage of an undocumented Excel bug to drop the Booli.a downloader onto the compromised system. Mdropper.j is disguised as an Excel file, complete with the .xls file extension. Booli.a acts as a backdoor, giving the attacker complete access to the PC, and will let him introduce other malicious software, such as keyloggers, or use the machine as a spam zombie.

Symantec said that Mdropper.j successfully attacks Excel 2003 SP2 on a fully-patched Windows XP SP2 system, and may be able to exploit other versions of Excel and Windows. It may even work against Word XP.

That last may indicate a link between this newest zero-day vulnerability and the one which was used by hackers in May to attack several editions of Microsoft Word, including Word XP. That flaw was only fixed Tuesday.

Microsoft's Reavey didn't spell out a plan for patching the bug, but did say that detection for the Trojan horse has been added to the free-of-charge (and in beta) Windows Live Safety Center.

Other than telling users to "avoid opening Excel documents wherever possible," Symantec didn't have much advice. Not surprisingly, it was not as cavalier as Microsoft, which said only that it was working with anti-virus partners to put signatures in place.

"At the time of writing, exploitation of this issue in the wild is known to occur only as part of a targeted attack," Symantec said in an alert issued through its DeepSight Threat Management System on Friday. "However, with the disclosure of this previously unknown vulnerability, new attackers may begin to exploit it in a widespread manner."

Other security organizations rang the alarm on the bug as well. Danish vulnerability tracker Secunia, for example, tagged the Excel flaw as "extremely critical," its highest warning rank.

Herndon, Va.-based Secure Elements, meanwhile, rated the threat as a "10" on its 1 through 10 scale.

"I am sure it is not by accident that this was timed to be deployed immediately after Microsoft patch Tuesday," said Scott Carpenter, director of Secure's security labs, in a statement. "In recent similar attacks, Microsoft has not issued an out of cycle patch. The exploit's immediate release after patch Tuesday is evidently designed to take advantage of a full month before Microsoft is scheduled to patch [again]."
