iTWire - Warning: Excel Zero Day Vulnerability

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Warning: Excel Zero Day Vulnerability

Warning: Excel Zero Day Vulnerability

E-mail

by Davey Winder
Wednesday, 25 February 2009
Microsoft has issued a security advisory regarding a zero day vulnerability which could allow remote code execution upon the opening of an Excel file. Microsoft Security Advisory 968272 has been published and warns that Microsoft is looking into reports of a Microsoft Office Excel vulnerability that "could allow remote code execution if a user opens a specially crafted Excel file." Featured Whitepaper 5 Best Practices for Smartphone Support The vulnerability was first revealed by researchers at Symantec who noticed suspicious activity surrounding Excel 2007 spreadsheets in Japan. Symantec notes that the attackers are encrypting the binary within the malicious Excel spreadsheets in order to evade detection. Meanwhile, Microsoft insists that it is "only of limited and targeted attacks that attempt to use this vulnerability." It goes on to say that it is "actively working with partners" to investigate the issue and will "take the appropriate action to protect our customers" in due course. The appropriate action being either a solution through a service pack, a monthly security update or even an out-of-cycle security update. Microsoft gives no indication of when the investigation will be complete or when a solution might be forthcoming, however. Let's hope it is real soon, especially when you consider that the vulnerability appears to impact all versions of Excel, and that includes back as far as MS Office 2004 as well as MS Office 2008 for the Mac. Microsoft admits that if an attacker successfully exploits the vulnerability then they could gain the same user rights as the local user. Furthermore, that "compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability." So come on Microsoft, when are you going to resolve this and all the other outstanding Excel security issues and make MS Office a safe place to work again? Tags See All Tags Advisory Davey Winder Excel Microsoft Microsoft Office Office Patch Remote Code Execution Security Software Spreadsheets Vulnerability Zero Day Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

Internet Security Predictions for 2010 from AVG (AU/NZ)

Frost & Sullivan Awards Websense Australian Secure Content Management Vendor of The Year

TANDBERG Awarded Australia Video Conferencing Vendor Of The Year By Frost & Sullivan

World Leader in IT Power Management Appoints Channel Partner for South Pacific

MicroStrategy Reporting Suite Provides Seamless BI Reporting for Microsoft Analysis Services

Thunderhead Appoints Phil Walker as Managing Director of Asia Pacific and Europe

Heathrow Airport Terminal 5 Live with Progress Software

...Promote your press-releases here

Latest jobs

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking