×

Warning

JUser: :_load: Unable to load user with ID: 3286
Wednesday, 25 February 2009 17:37

Warning: Excel Zero Day Vulnerability

By
Microsoft has issued a security advisory regarding a zero day vulnerability which could allow remote code execution upon the opening of an Excel file.

Microsoft Security Advisory 968272 has been published and warns that Microsoft is looking into reports of a Microsoft Office Excel vulnerability that "could allow remote code execution if a user opens a specially crafted Excel file."

The vulnerability was first revealed by researchers at Symantec who noticed suspicious activity surrounding Excel 2007 spreadsheets in Japan. Symantec notes that the attackers are encrypting the binary within the malicious Excel spreadsheets in order to evade detection.

Meanwhile, Microsoft insists that it is "only of limited and targeted attacks that attempt to use this vulnerability." It goes on to say that it is "actively working with partners" to investigate the issue and will "take the appropriate action to protect our customers" in due course.

The appropriate action being either a solution through a service pack, a monthly security update or even an out-of-cycle security update.

Microsoft gives no indication of when the investigation will be complete or when a solution might be forthcoming, however.

Let's hope it is real soon, especially when you consider that the vulnerability appears to impact all versions of Excel, and that includes back as far as MS Office 2004 as well as MS Office 2008 for the Mac.

Microsoft admits that if an attacker successfully exploits the vulnerability then they could gain the same user rights as the local user. Furthermore, that "compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability."

So come on Microsoft, when are you going to resolve this and all the other outstanding Excel security issues and make MS Office a safe place to work again?

BACK TO HOME PAGE

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

INVITE DENODO EXECUTIVE VIRTUAL ROUNDTABLE 9/7/20 1:30 PM AEST

CLOUD ADOPTION AND CHALLENGES

Denodo, the leader in data virtualisation, has announced a debate-style three-part Experts Roundtable Series, with the first event to be hosted in the APAC region.

The round table will feature high-level executives and thought leaders from some of the region’s most influential organisations.

They will debate the latest trends in cloud adoption and technologies altering the data management industry.

The debate will centre on the recently-published Denodo 2020 Global Cloud Survey.

To discover more and register for the event, please click the button below.

REGISTER HERE!

BACK TO HOME PAGE

BACK TO HOME PAGE

Webinars & Events

VENDOR NEWS

REVIEWS

Comments