Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Microsoft Issues Security Advisory for Zero-Day Excel Vulnerability



 By: Brian Prince
2009-02-24
Article Rating:starstarstarstarstar / 2


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Hackers are targeting a zero-day vulnerability affecting versions of Microsoft Office Excel. Microsoft has publicized workarounds for enterprises as they await a security patch. If exploited, the Excel vulnerability could allow hackers to execute code on a vulnerable system.

Microsoft has confirmed that hackers are targeting a new vulnerability that could lead to arbitrary code execution.

In an advisory, Microsoft described how the bug can be exploited using a specially crafted Excel document. The malicious Excel file attempts to access an invalid object, allowing the attacker to execute arbitrary code.

According to Microsoft, the vulnerability is currently being exploited in "limited and targeted attacks." The advisory addresses Microsoft Office 2000, Office 2002, Office 2003, Office 2007, Office 2004 for Mac and Office 2008 for Mac.

Resource Library:

If a user is logged on with administrative user rights, an attacker could take complete control of the affected system, gaining the ability to install programs and view, change or delete data, Microsoft warned.

"We have added detection for the malicious spreadsheet files we have seen in the wild, which will be detected as Trojan.Mdropper.AC," said a post on Symantec's Security Response Blog. "The malicious binary dropped by the spreadsheet will be detected as a Trojan horse. Ensure that your definitions are up-to-date to protect yourself from the danger this issue presents."

Microsoft recommended setting the "Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations." Instructions are included in the Microsoft advisory linked to above. Another workaround is to use MOICE (the Microsoft Office Isolated Conversion Environment) "when opening files from unknown or untrusted sources." Instructions for installing MOICE are also available as part of the advisory.

There was no word from Microsoft on when a permanent fix for the issue would be forthcoming.





  Reader Comments: Microsoft Issues Security Advisory for Zero-Day Excel Vulnerability
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


xv㶲 ;^+(}LRlm,oKޝofiQ$1Hn%sּv@ߨ2t3ݛ6BTuT%hʏ1"|Owг{/PQ~jXLߵC2hj9:Hૌ=ahBz.91rx&- #,gu'9"S#& BhlU"iRi13܋kc9 N\^ Z3ttԭSzcGGgԏ` 1,{~0[ QK.lZJP['C;)xt ۱ȭzk׳߂CݸxgD TmO |lG?0}5OLEsˡ,șÌfXqi 푦J5(GJ\S#gQ>o#޷L{`TyÙ|k[7~](eU]ϯr$QPw۷@ږu`(:n{'Owqq is,/wD_*0QI- Y|-D'Y^oVqW-b)ڑVP]GF[zOa`%pfQUrnOgsKߺnZ:9?nΐ}1fP+M~(#3hؕΊgxg_:nNo9nڗݛ9^֧Iٙ{Άt4ڟm3H/k*}kup}O{uH0|kh2`m8;RZIjgdN'W-2 I|S8)ysA {훨-tK[9K }!x-? ,+Rk7G 8Zujt+UkotUT #dh&ͻzh-Aho*KLru&@Sk~$M #k 3!RBʼĿIK _{@@ZR~nV(nS%EI7#DD vQ\B(pHq> R].iX\qq]7+De., s5-w>E?iQw9qj?^NI{Nko_F8 ,heݴ 7MGRŦc*%xX=*BE*GUL Fm!S[ö@ .S#:V}y0`;}F{gtdgnۉ9~t$ࠣM/6G˥qn15 @ Ln0i| V83uCuӹݰ=WsF}j`IE 6LR}b;>ld$4(sw[LL`rWwCPb1LTE}vAC ,zu= } o  t҇&ܠ>Ԇ.q<ɜ+) T@H#"D% T h4AǰEENmH^KHX-Vpp(ݞHp&@-JEs㙰TL٣XB YX/_23CCɴaX9{DMfT`B[ᛥLKak`F^rA+ŲMCAfГ޹ .z*Hp0ѿy6yBfOx;r+ߌf;NrB@S*,H@fmdz?Gw LRd0uf6I :3Xh8G/C4jM;24[I%ͺh@r6ҁviXZ @-Ŀei -a-VX5QW(: ,)T saŰ,Bl6<E9̆ɨ_-iMv;plpc|n_&TYWӟLYZf<[)ZHjjXL[6Y`aPeQ@Iirij>NȃX`O?=<fqXSt+@Zl&VUmTHbp=PF˸hFq,@XĞ=8]%8sM^\X/+]69g"@0oYX:=4̄+ulZ'TMq{;Hy55̆RP՘IO9&_G5 k*Q +gXsMt]Q[# X1D:=`_mpfZ FZ."f~~~029?\v>ڣdN`'\sW["LJ}#Μi-L,*I-b]Pr)SLZ06AaeL副^txOFM@X 1$/Pk :0!/P\Q-W0.#_L_LU1(TOnQE^~~ VKŴ谢zԘ{}Qː 0gted- IR-frheU-UjR9 D+Ϗ9N]j@'x /Oq8ݩM??3 Y8A}v݁/r?2;|d2,` |"ybėaE*ӕ~>V6ʼnG =q?@*2 Xܚ 0(E{耰⢉!h{34khý235RZS*ݝ'(R~hoZyRYf0`%5-* ?ŤD LkQsGŕRzCgîcfuMafFžJV-5o`f/B[$ zTÈ i{qĆZ ) 5gH5ysV9y]%fZ+a1yߙUzrulFoCցh 0>0R#ٸU V|eZU ՂVE'Lt0|G.CGTTFogA"WS[U:ɹT.jZb[)Uʹ>"s4>zAbQ=Y rrjT GrF2xHb.O}+&<==a?up-<92(jԈ 8fX&1솿V(ًk㘌t/x߹X?hUeQbsE1 7cyJ~Zg^pR t(ЕnڧCR>Y/5;χxg?v00Vy?J0WKKKxi}y!)X|xxy*;-~l1z˾WM$(XNptc!'q/gz^Dl5z>h F$;V9ݎi^o_/iOk~J\/[R^{%< rDpAj^_'d0| srj^6b `[&IEqD=Sk!ktgLtܗi3 T/Us>֒\z$ MN3dn ʆq)ې}oE19 ºUXȬE`#PH2'_aH@ $X)XAU:ݻh~Nku؋n/ m  ,Щ cAHFrI'zRG>egu3_f Rt<~UrڿPעo1Mr!}J_cNfo4~ P=8,lrh%縵vi^a~wbSP݃/Zr30y!Q2 7?،E馺Z7djFԎ8%4 \(1O[bt#1%N1{LEl'iiQ%uyjtJ1SBt'02H P,O&e=lI1 iKBih%bbVHJowռܞm ybXýK3Bvmc% TgKe  KqkP I"+ `-;|C?SJ[LXuT䵤 g[YUHN~OJ>lj9l0`&0!9ϫ|1{~U*۞l#H6?{'q?K8:Gw*b9,_@ݞpne?@|;=sF'5\{H&CucJNj=0ف9~Dלπ(|sE1SeNx>HАߙ=p8#M LwzF]Yda.}?H/KcvO n<s7t3VTsb{I6$BUUk ۻʾ\8%'+Tx|1q/nV (fެyi16>gnR3-|G>{~}I.e~W(;_bO$J骇\%(]MZZ|W%0.ց-@D I b_1>r!ўGƳβ-˖_|fhHZ~ .JW&ҌJc}NC\]RŇ8;.mZӜe{ u[%9CH_3Jvc5YJyG|GX' +9999sV*jw}ĉ}]Qqqm`*1d_~_|H{ XH-X|ˑG$`XX" aRu hфj_f}a%4TmKz1׭O֍&zUiKW!aFOx-^z@HWeSX+ֺx! @xаbAx 9c|!6{ Ez 25^ʖY!'l릎n|$hzLAwǮ ey`ײIĻbe%h) z hA=,ߒujQ_'veFVF ~%zj/T-X`VE|?RoȲ %axS3o ;-x5LGvl¸`nTmk4>BB$ DǎMtBzi)dh<Җ\b.Vز9̇fLHja8X(cFlӁC$DI;H#PB+Ij<:wI'$ʽjR ڟRI-I=昚G+x6;= T<&?"eפ] HC˜`O~ "$}oZK;#=ACD6[_rƘ⪲1t%!k oG_Clr|Pk硫-n=\9#CZŪd}>2/<voS^x}'٪Kp!@,sicRRo4 aФΝ,OD~ixӜn]`NlIz R, Xj}_`0tEjDx O=~sKP2\gVuݍC6v/K=f_|9\Mׅ9/{I@{  |+z\lƖ/uYJ³Y{[_yJX ,g *. Xcg$%?[^ZVm*6]-Ok");Մ_|ߚ'40ݾHyf.>x!Ujf5N͢dm]$5?hVro6` lj[->ŋl]򽧻. {E[_[ˮ={tѥ|ioJY0Y_ˮGbp,ȩyyݡz(  5V$HXgL4s+x ([ 0#J=Ub98\"O.=_}4,|Ms'~^K{3WgǗ+`a@{/61 "S,C$&pP]}zUc!cm\51^XMC̟jQ^yƀT<v"Afk跔GV>ߒ|}P.[˜W-V]M5ƑeoAH+1{wi/1~J+k6&K=(;&{юMݺ5nt)6gw~1~bϋ:Z碷Ķ+ӿiZ`3+nޖTm}qVҽ]F Rd 3}$纭ۦ~ l1y.5L?_J m+QA9kq&[q{Za\k`Ӆ;zZ*F6#ZIik84xޞ;SO L%& J!47\CP |˜o;Wq+P~ЪۣV7n kbu<ҁL+q,q㶭E1m/j>oIׄ^P> :{ᛂrPZ-"F/|T0/b=#-񸐤#C a<{D=1K= o~{@\œr q,-D||0XV$ʽOg-<-RWld""% Iuj}@~h/ew[=Ct樯MdXZyoK:;@hJY!:fl!'vѻ 2y»9[,af4:`F"O-c8= SܕɭS634%~6t0^Q1e&}.(%nK !byL ]ǒ 4B1hVX o6"n"YF;AaP8Z  +z+U'I]U@)9CȮ KƪZJW4oSCwe2Vq*Lz%rx3WW0`A='i92fg4t\@%55{|a3brOuvWWY4uEz{'~{I[;t٥Χ5A^^ZǼ>sN{08SD^u'VԼVxyxQ?dd_C&pj3 ݌rSi+O֗}2Pq}y;8o/oӌrgڗ;\C/3^_~/2ldOw};}:@;v2Oˌ_~OP~Q(GFy;0{ s!?0~wAt3OK7C\\eԿʨ s?=/=/}~Z_c}OYпOA(*h&࿛ Ku1Ay3CΚWpz~;"9(/R*Ȫ_y*%YFy 3YY ~veX^eй\52Я!ew2~2Ai_tO aqʍ%5Mk[I2}ח: c|*,xWbJyHGW4<< X1rnms-(c#h cHO8ѭ<\-c#]~̬((G@Kn 9ڍ59#rӚܴO]ŭhg?>/ydֺ+_5VlNA6KE>Y;yx߇O D,{ e%Hi_1\==LzxW~JnAmzg4`/{hgdA]edz37Us !Qa໯0dH= .ŁS @oz(_ MW+ 7\1vLG21Nr|(VT+[-WJr= fDD#jJ]N-JTL3B /(@#غM{%}Ciy=q̐ga1V1;B&\Cxߏ щW&ۣobe"jf2aQKCt8c+x;b(q ?,(s[\FlBCVx3ϩhcƥ 6V{[2gډe:G鴔q8Ss#ӄwY"Dstm 4@;4D ZSx3l1@Й z0jGw 0 hJ/.ӡx[CKQ,V3/j1M45~/cP<ՍP;ul>9+sooV1a`a?>N@>AՋpO`Hz P%)^Ղ[#rF331F#qyU p+Ƌrd{Goڇ~sWԕU`g#~"3V[œA6p8&s`ܐ}olI CO?Fu:h Y W963[ +"ۂ 3-Ӭ>s¥"UXJMX,8. k4⿜9;\r,#<[_ڵhrujAt[] <v7sC+_2qN`WH؂{!]R>ŔK.)tO狰ANtnU_{ QFbf]9NRjãō ,c-ԭ<P0_C~M.v^e܌1uF:]hT[_ )^UDs^+Sy-]E>*;A\gXIڙBαgb@8f{9r+o=Љeƿ9a:=Y:}#s!oYX&7ęV /kti( aaXY;D,5Rb:(=zk|FXK\Mhc{pfif#3S3 {τ T4}j=]x O!0(F""`\YG7X]t1^ʳe_:kvyH%Dn`g񳣸FK+|vQJe4m&l2)v}ml-c6C-{?0&*