Attackers target Microsoft Excel zero-day flaw |
 |
By Robert Westervelt, News Editor
24 Feb 2009 | SearchSecurity.com |
|
|
An unspecified remote code-execution vulnerability in Microsoft Excel is being actively exploited by hackers, according to a warning issued by Symantec Corp.
|
| SearchSecurity.com: |
| To get security news and tips delivered to your inbox, click here to sign up for our free newsletter. |
|
|
|
|
Symantec's SecurityFocus said the vulnerability could be exploited in Microsoft Excel 2007. Other versions of the spreadsheet program may also be affected.
Symantec said attacks are ongoing in the wild. It has detected a Trojan being passed called Trojan.Mdropper.AC, which attempts to exploit the vulnerability.
Microsoft acknowledged the zero-day flaw Tuesday, issuing an advisory explaining that attempts to exploit the vulnerability have been limited and targeted. The software giant also expanded the scope of the issue telling customers that the flaw affects Microsoft Office 2000, Microsoft Office 2002, Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac.
"Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs," Microsoft said in its advisory.
A victim can become infected by opening a malicious Excel file attachment that makes Excel access an invalid object. From there, an attacker can execute arbitrary code with the privileges of the user running the application or crash Excel.
As a workaround, Microsoft is advising customers to use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or un-trusted sources. MOICE is a tool that allows users to more securely open Word, Excel, and PowerPoint binary format files. It supports Office 2003 or 2007 Office suite.Excel users can also use Microsoft Office File Block policy to block the opening of suspicious Office 2003 and earlier documents.
Symantec Corp. researchers said the attackers are using unual methods to try to avoid detection. Trojan.Mdropper.AC is attempting to exploit the vulnerability using weak encryption on the binary embedded in the spreadsheet. The malicious Excel spreadheets were first discovered Monday in Japan.
In December, Microsoft addressed several Excel flaws. Microsoft Security Bulletin MS08-074 addressed bugs that could be exploited by an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. Last year, reports surfaced about a similar zero-day flaw in Excel.
Editor's note: Story updated to include Microsoft acknowledgement and Symantec information.
|
|
|
|
