Microsoft Warns of Attack Via Unpatched Excel Flaw
Microsoft says it was made aware today of a previously unknown security hole in its Excel spreadsheet program that was used in at least one targeted attack against Windows users.
In a blog post put up this evening (ignore the time stamp; Microsoft's blog is set to GMT), Microsoft had this to say about the flaw: "In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an e-mail attachment or otherwise provided to them by an attacker. (Note that opening it out of email will prompt you to be careful about opening the attachment.) So remember to be very careful opening unsolicited attachments from both known and unknown sources."
Always good advice. Anyway, Microsoft isn't offering much more information about this particular flaw at the moment, but a source of mine forwarded me a link to a security advisory Symantec posted today that supposedly includes a brief description of the threat Microsoft described. The folks over at the SecuriTeam Blog also have posted some information on this as well.
Update, 2:10 p.m. ET, June 16: As one commenter pointed out, the piece of malware from that Symantec post that actually does the exploiting of this unpatched Excel flaw is another bugger described in the advisory, which Symantec is calling Trojan.Mdropper.j
Posted by: Amos | June 15, 2006 9:01 PM | Report abuse
Posted by: TEFL | June 15, 2006 9:23 PM | Report abuse
Posted by: Pete from Arlington | June 16, 2006 12:52 PM | Report abuse
Posted by: Pete from Arlington | June 16, 2006 12:54 PM | Report abuse
Posted by: James. | June 16, 2006 1:14 PM | Report abuse
Posted by: John Schofield | June 16, 2006 1:37 PM | Report abuse
Posted by: John Schofield | June 16, 2006 1:41 PM | Report abuse
Posted by: Bk | June 16, 2006 2:23 PM | Report abuse
Posted by: Qian Wang | June 16, 2006 5:13 PM | Report abuse
The comments to this entry are closed.