Hackers are targeting a zero-day vulnerability affecting versions of Microsoft Office Excel. Microsoft has publicized workarounds for enterprises as they await a security patch. If exploited, the Excel vulnerability could allow hackers to execute code on a vulnerable system.
has confirmed that hackers are targeting a new vulnerability that
could lead to arbitrary code execution.
In an advisory,
Microsoft described how the bug can be exploited using a specially crafted
The malicious Excel file attempts to access an invalid
object, allowing the attacker to execute arbitrary code.
According to Microsoft, the vulnerability is currently being exploited in
"limited and targeted attacks." The advisory addresses Microsoft
Office 2000, Office 2002, Office 2003, Office 2007, Office 2004 for Mac and
Office 2008 for Mac.
If a user is logged on with administrative user rights, an attacker could take
complete control of the affected system, gaining the ability to install
programs and view, change or delete data, Microsoft warned.
"We have added detection for the malicious spreadsheet files we have
seen in the wild, which will be detected as Trojan.Mdropper.AC," said a
post on Symantec
's Security Response Blog. "The malicious binary dropped
by the spreadsheet will be detected as a Trojan horse. Ensure that your
definitions are up-to-date to protect yourself from the danger this issue presents."
Microsoft recommended setting the "Microsoft Office File Block policy
to block the opening of Office 2003 and earlier documents from unknown or
untrusted sources and locations." Instructions are included in the
Microsoft advisory linked to above. Another workaround is to use MOICE (the Microsoft
Office Isolated Conversion Environment) "when opening files from unknown
or untrusted sources." Instructions for installing MOICE are also
available as part of the advisory.
There was no word from Microsoft on when a permanent
fix for the issue would be forthcoming.