Warning: Excel Zero Day Vulnerability

Davey Winder
Wednesday, 25 February 2009 16:37

IT Industry - Market

Microsoft has issued a security advisory regarding a zero day vulnerability which could allow remote code execution upon the opening of an Excel file.

Microsoft Security Advisory 968272 has been published and warns that Microsoft is looking into reports of a Microsoft Office Excel vulnerability that "could allow remote code execution if a user opens a specially crafted Excel file."

The vulnerability was first revealed by researchers at Symantec who noticed suspicious activity surrounding Excel 2007 spreadsheets in Japan. Symantec notes that the attackers are encrypting the binary within the malicious Excel spreadsheets in order to evade detection.

Meanwhile, Microsoft insists that it is "only of limited and targeted attacks that attempt to use this vulnerability." It goes on to say that it is "actively working with partners" to investigate the issue and will "take the appropriate action to protect our customers" in due course.

The appropriate action being either a solution through a service pack, a monthly security update or even an out-of-cycle security update.

Microsoft gives no indication of when the investigation will be complete or when a solution might be forthcoming, however.

Let's hope it is real soon, especially when you consider that the vulnerability appears to impact all versions of Excel, and that includes back as far as MS Office 2004 as well as MS Office 2008 for the Mac.

Microsoft admits that if an attacker successfully exploits the vulnerability then they could gain the same user rights as the local user. Furthermore, that "compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability."

So come on Microsoft, when are you going to resolve this and all the other outstanding Excel security issues and make MS Office a safe place to work again?