

Zero Day Excel Vulnerability Spreading in the Wild
Posted by JamesB in Technology, tags: Microsoft, security, Virus
Today, Microsoft released a security advisory warning of a very serious unpatched Excel vulnerability, which attackers have already begun exploiting on the Internet. The vulnerability affects all current versions of Excel for Windows and Mac, as well as the Microsoft Excel Viewer and the Office Compatibility Packs.
Since Microsoft just learned about this flaw, they don’t describe it in much detail. They only describe how attackers exploit it. By enticing one of your users into downloading and opening a maliciously crafted Excel document (.xls), an attacker can exploit this vulnerability to execute code on a victim’s computer, usually inheriting that user’s level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user’s machine.
With attackers actively exploiting this vulnerability in the wild, it poses a critical risk to Microsoft Office and Excel users. Microsoft hasn’t had time to patch the flaw yet, but they plan to do so in the future. Until then, we recommend you implement the workarounds described below to mitigate the risk of this dangerous zero day attack.
Solution Path
Microsoft has not had time to release a patch for this zero day vulnerability. However, the workarounds described below should mitigate the risk of attacks currently circulating in the wild.
§ Inform your users of this vulnerability. Advise them to remain wary of unsolicited Excel (.xls) documents arriving via email. If they don’t absolutely need the document, and don’t trust the entity it came from, they should avoid opening it until Microsoft releases a patch.
§ Use antivirus (AV) software and make sure it’s up to date. Some AV companies already have signatures that detect these malicious Excel files. Other AV companies will surely follow.
§ Use the Microsoft Office Isolated Conversion Environment (MOICE) to open untrusted Excel documents. MOICE is a Microsoft add-on that provides a special environment which allows you to more securely open Word, Excel, and PowerPoint binary format files. For more details on using it, see the "Suggested Actions" section of Microsoft’s security advisory.
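
As an added example (not part of the original post or Microsoft's advisory), the Python sketch below identifies legacy binary-format Excel files by content rather than by extension, so that a renamed .xls attachment can still be held for MOICE or manual review. The function names, the hold/allow policy and the sample bytes are assumptions constructed for illustration, and the stream check is a heuristic that scans 128-byte directory-entry slots instead of walking the full compound-file structure.

```python
import struct

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # compound file: legacy .xls/.doc/.ppt
ZIP_MAGIC = b"PK\x03\x04"                       # Open XML container: .xlsx and friends
EXCEL_STREAMS = {"Workbook", "Book"}            # workbook stream names in binary Excel files


def has_excel_stream(data: bytes) -> bool:
    """Heuristic: look for a stream named Workbook/Book in any directory-entry slot."""
    # Directory entries are 128 bytes and always 128-byte aligned after the header.
    for off in range(512, len(data) - 127, 128):
        name_len, obj_type = struct.unpack_from("<HB", data, off + 64)
        if obj_type != 2 or not 2 < name_len <= 64:   # 2 = stream object
            continue
        name = data[off:off + name_len - 2].decode("utf-16-le", "ignore")
        if name in EXCEL_STREAMS:
            return True
    return False


def triage(data: bytes) -> tuple:
    """Return (kind, action). The hold/allow policy is an assumption for this example."""
    if data.startswith(OLE2_MAGIC):
        kind = "excel-binary" if has_excel_stream(data) else "ole2-other"
    elif data.startswith(ZIP_MAGIC):
        kind = "openxml"
    else:
        kind = "other"
    # Content decides, not the file extension, so a renamed .xls is still held.
    return kind, ("hold" if kind == "excel-binary" else "allow")


def make_sample(stream_name: str) -> bytes:
    """Constructed test input: header magic plus one directory entry, nothing else."""
    name = (stream_name + "\0").encode("utf-16-le")
    entry = name.ljust(64, b"\0") + struct.pack("<HB", len(name), 2)
    return OLE2_MAGIC.ljust(512, b"\0") + entry.ljust(128, b"\0")


if __name__ == "__main__":
    samples = {                                    # constructed file names and contents
        "invoice.xls": make_sample("Workbook"),
        "notes.txt": make_sample("Book"),          # binary Excel content, renamed
        "memo.doc": make_sample("WordDocument"),
        "budget.xlsx": ZIP_MAGIC + b"\0" * 26,
    }
    for fname, blob in samples.items():
        print(fname, *triage(blob))
```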