Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Microsoft / Patches and Vulnerabilities

Patches and Vulnerabilities

And Excel Is Back with a Vengeance

New Zero-Day Critical vulnerability exploited in the wild

By Marius Oiaga, Technology News Editor

16th of January 2008, 07:56 GMT

Adjust text size:



Enlarge picture
Microsoft has confirmed that the Office suite is once again under fire at the beginning of 2008. However, it seems that attacks only target the Excel component in a variety of Office versions. Concomitantly with revealing that a Critical, Zero-Day vulnerability is being actively exploited in the wild, the Redmond company provided assurance that users of the latest versions of the Office System are not at any risk from attack. Office Excel 2007, Excel 2008 for Mac, Office Excel 2003 Service Pack 3 as well as users that have installed Microsoft Office Isolated Conversion
Environment (MOICE) are not affected by the vulnerability.

A member of the Microsoft Security Response Center revealed that: "a targeted attack exploiting a vulnerability in Microsoft Office Excel. Our investigation has shown that this vulnerability affects Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000 and Microsoft Excel 2004 for Mac. Microsoft Office Excel 2003 Service Pack 3, Microsoft Office Excel 2007 and Microsoft Excel 2008 for Mac are not affected as they do not contain the vulnerable code."

Microsoft informed that the the new Excel Zero-Day is being exploited by targeted and limited attacks. A successful exploit of the security flaw will give an attacker the same level of privileges as the user, and the ability to perform remote code execution. But in order for an attack to lead to a full compromising of the operating system, the user has to execute a specially crafted, malicious Excel document. Attacks can come either in the form of malformed Excel files served as email attachments or from a malicious website.

"Microsoft is investigating the public reports and customer impact. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. At this time, we are aware only of targeted attacks that attempt to use this vulnerability. Additionally, as the issue has not been publicly disclosed broadly, we believe the risk at this time to be limited," Microsoft explained.

TAGS:

 Excel | vulnerability | Office | MOICE


Rating:
Fair (2.0/5) 6 vote(s) so far    

Read by 694 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


How About an Open XML Converter While You Wait for Office 2008?

Gearing Up to Ship Office 2008 for Mac

Bill Gates: How I Use Office 2007

Bill Gates Is a Busy Search Patent Boy

Office 2003 SP3 Disables Legacy File Formats

Microsoft Pro Photo Shoot Available for Download

Office Live - the Evolution

Office 2008 for Mac Is Here

Microsoft Offers a Formula for Performance

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

You are not logged on. Please provide your name and email address.
Log on to get your comments posted and visible instantly.
Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive