No. 1 Story

Construction needs cloud flexibility

Australia’s embattled construction sector could benefit from cloud based information systems that can be switched on and off in lockstep with individual projects – with the exception of those organisations based in remote areas like the Kimberleys.

read more

Related Articles

Microsoft, Excel, zeroday, vulnerability, confirmed
Microsoft reports zero-day server bug exploits
In what is one of the most potentially serious zero-day Microsoft Windows bugs this...
Read More
Finisterre finds Mac Virex vulnerability
The Month of Apple Bugs may be over, but Kevin Finisterre hasn't given up...
Read More
Microsoft joins SSL VPN appliance market
Microsoft has joined forces with Celestix Networks and Network Engines to deliver appliances running...
Read More
Sophos makes nice with Microsoft and Vista
IT security vendor, Sophos, has announced a new version of Sophos Anti-Virus which supports...
Read More
Our beef with Microsoft different to Kapersky: McAfee exec
According to a McAfee executive, the fact that security vendor Kapersky doesn't have a...
Read More

More From

Popular Threads

Microsoft Excel zero-day vulnerability confirmed

Stan Beer
Monday, 19 June 2006 11:08

Business IT - Security

View Comments
In what is turning out to be the most serious security year on record, yet another zero-day vulnerability has been discovered in a Microsoft Office product. This time a hole in the Excel spreadsheet has been found, with at least one attack confirmed by Microsoft.

Just one month ago, a hole was discovered in Microsoft Word, that enabled attackers to gain control of a computer through an infected Word email attachment. No sooner has that problem been patched than a new vulnerability in Excel has surfaced, which allows attackers to gain control of a computer when a user opens a malicious Excel attachment called okN.xls which infects the computer with a Trojan horse.

In a post to a company blog, Microsoft operations manager Mike Reavey said the company had received a single report from a customer being impacted by an attack using a new vulnerability in Microsoft Excel.

"Here's what we know: In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an email attachment or otherwise provided to them by an attacker.  (note that opening it out of email will prompt you to be careful about opening the attachment) So remember to be very careful opening unsolicited attachments from both known and unknown sources," said Reavey.

The new Microsoft Office zero-day Excel vulnerability is so similar to the previous Word vulnerability that some experts believe that the two attacks are connected in an organised criminal conspiracy. With the Word vulnerability, users had to wait weeks until Patch Tuesday to get a fix. It is not clear whether Microsoft will make users wait that long again to receive a patch for the new Office product hole.

If 2006 is going to be remembered for anything apart from the year Microsoft entered the security space, it could very well be the year that email users had to be careful about opening any emails at all. Flaws in non-executable document attachments and vulnerabilities caused by JavaScript code are rapidly combining to make email an unsafe method to exchange information.

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases