Microsoft warns of Excel zero-day flaw


Bill Brenner, Senior News Writer

Attackers are actively exploiting a zero-day flaw in Microsoft Excel to infect and hijack targeted machines, the software giant warned in an advisory yesterday. The only defense at this point is to avoid opening Excel files from untrusted sources.

Microsoft Excel is used in many banking and financial firms and is the most popular spreadsheet application used by businesses for many bookkeeping tasks.

Microsoft Security Response Center spokesman Tim Rains said in an email Tuesday that the vulnerability affects Microsoft Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for Mac. Customers who are using Microsoft Office Excel 2007, Microsoft Excel 2008 for Mac or have installed Microsoft Office Excel 2003 Service Pack 3 are not affected, he said.


Microsoft Security Advisory (947563) acknowledges "limited attacks" against the vulnerability. Microsoft said that once its investigation is completed it may release a patch either through its monthly security update or as an out-of-cycle release.

"Microsoft continues to encourage customers to follow the guidance of enabling a firewall, applying all software updates and installing antivirus and antispyware software," the software giant said in the advisory.

In addition to not opening untrusted Excel files, Microsoft recommended Excel 2003 customers consider using the Microsoft Office Isolated Conversion Environment (MOICE) or Microsoft Office File Block policy. MOICE is designed to convert Office 2003 files to the new Office 2007 Open XML format with the goal of squeezing malicious exploits from the file. It creates a "sandbox" with a restricted token where documents are scrubbed for malware. Once the malware is ejected, the file can be opened as it normally is in Office 2003.