CYBERSPACE – Computer security analysts issued warnings Friday confirming that a recently identified “zero day” vulnerability in Microsoft’s Excel spreadsheet software has been targeted in at least one attack.Secunia, Symantec, and other security firms issued warnings last week, with Secunia bestowing its highest level of severity, “Extremely Critical,” to the vulnerability.
Symantec’s published advisory detailed how the attack utilizes a Trojan horse as the delivery vehicle to exploit the Excel flaw.
“Trojan.Mdropper.J is a Trojan horse that drops Downloader.Booli.A on the compromised computer,” states the Symantec advisory. “It exploits an undocumented vulnerability in Microsoft Excel. Attackers are actively exploiting this vulnerability in targeted attacks.”
The vulnerability exists in Microsoft Excel 2003, Microsoft Excel XP (2002), and Microsoft Excel for Mac products, according to the advisories issued by Secunia and Symantec.
Mike Reavey of the Microsoft Security Response Center (MSRC) stated in the MSRC blog that, as of Saturday, Microsoft had received only one report of a customer being affected by the flaw and noted that “in order for this attack to be carried out, a user must first open a malicious Excel document,” and advised users of Excel to exercise caution when opening attachments from both known and unknown sources.
“The MSRC, together with the SWI team, have identified some workarounds that help stop the attack,” Reavey posted to the MSRC blog Saturday. “However we’re concerned that they might have an impact to the usability of Excel. Based on some of the customer feedback regarding the recent Word workarounds, we want to take the extra time to fully vet our guidance.”
Announcements reporting the Excel flaw and new exploit targeting it come less than a week after Microsoft released 12 security bulletins with patches for 21 different vulnerabilities in its products, including flaws in Office and Word.
