Microsoft Security Response Center bloc has reported an isolated incident concerning the exploitation of a previously unknown security flaw in Microsoft Excel. The attack was carried out via a malicious Excel spreadsheets attached to e-mail.

"In order for this attack to be carried out, a user must first open a malicious Excel document," wrote Mike Reavey, an MSRC program manager. "Note that opening it out of email will prompt you to be careful about opening the attachment. So remember to be very careful opening unsolicited attachments from both known and unknown sources."

The undocumented Excel bug permits Trojan.Mdropper.J, masquerading as an Excel file, complete with the .xls file extension, to drop Downloader.Booli.A Trojan horse with the following name: %System%svc.exe and that acts as a backdoor on the compromised computer.

Symantec announced that the Downloader.Booli.A affects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP, and that it may download additional malware after it has infected a computer.

"For now the issue has occurred only as part of a targeted attack," Symantec said in an alert issued through its DeepSight Threat Management System. "However, with the disclosure of this previously unknown vulnerability, new attackers may begin to exploit it in a widespread manner."

This comes at a very favorable time for hackers, as Microsoft is not scheduled to launch other patches for at least a month.