Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Microsoft Warns of Excel Zero-Day Attack



 By: Ryan Naraine
2008-01-16
Article Rating:starstarstarstarstar / 12


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Redmond activates its security response process after learning of a zero-day attack against a new, undocumented Excel spreadsheet vulnerability.

A new, undocumented vulnerability in Microsoft's Excel spreadsheet program is being used to launch computer attacks against specific targets, according to a warning from the software maker.

The vulnerability, rated "extremely critical" by Secunia, is being exploited to load a keylogger Trojan on select targets, according to an anti-virus analyst tracking the latest attack.

The attackers are using booby-trapped Excel documents, sent by e-mail to the target's mailbox.  If a rigged .xls document is launched, the exploit happens silently in the background, infecting the machine with a Trojan downloader that opens a backdoor and waits for instructions from a server controlled by the attacker.

Resource Library:
An advisory from Redmond's security response center insists the attacks are very limited.

"At this time, we are aware only of targeted attacks that attempt to use this vulnerability. Additionally, as the issue has not been publicly disclosed broadly, we believe the risk at this time to be limited," the company said.

Microsoft said the flaw affects Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for Mac.

Desktop users running Microsoft Office Excel 2007 or Microsoft Excel 2008 for Mac, or who have installed Microsoft Office Excel 2003 Service Pack 3 are not affected by this vulnerability.

The company is urging customers who encounter strange Excel documents to contact law enforcement agencies or report the issue to the Internet Crime Complaint Center.

In the absence of a patch, Microsoft recommends that customers use its MOICE (Microsoft Office Isolated Conversion Environment) tool to isolate exploits.

MOICE, available as a free download, can be used in tandem with Group Policy settings to convert documents in legacy (.doc) formats to OpenXML formats, stripping out potentially harmful elements that could pose a potential security risk.

The conversion process takes place in a safe, quarantined sandbox environment, so the user's computer is fully protected. MOICE currently supports the .doc, .ppt, .pot, .pps, .xls, .xlt and .xla file formats.

Microsoft is also encouraging users to use the Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.

For the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraine's Security Watch blog.





  Reader Comments: Microsoft Warns of Excel Zero-Day Attack
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 



x}kw6DىCO--my,u{wP$$1H Ie[/I%?ν݉m @^( I"gnZ΄¦dwC蝿K$w}wLUQR #3((bPs4mMFN@B~}@^sfwD%x_'Щѩ&€wɔZiКلؕ>}^qbw .pqLQCT:i?xi @Ib(CѺ(Dߵ-m:]'|W*UFn3p{a_ʞz5ExLԸ#|xB'g0;/<Pcw̪Ҵ?7Sա*v25vk>6^ ;4 Fȅ׳z$jRv'n@d jI::`iTi11܉\Lч@g`pm׃ɩVKTQ3c}fݳt{#Գƀu|ף&[!&$f v?ƭ RI'6qV#/g<muɣ59N.|'oD;QR"jt8KI 1u$/@Bݣs>o VQWB-hZIArIjaܳ|3+i*H,GѠ-?Z:U!UsX6&ZiCA+Wt1eP>i_?_r\w/ڽ>9]vSGR.0@|ˤdL2Xc]NR>o4+@_x0Nusa6 @̀kifkPXT@5@N)61rvfyM)IK2_^*-ɿE7h+dԜө$ɛ!"ˆGn9x|!XsI((GNe6\a>U<<vwܬu"jմީ-~4ҲKsI|IwNǫ #KEHYf7-wI0ꨦժ ,𢲯*X8ʍ85m!SGñA s&M:vPE0`;}FϨi-f8!9~tDAG66^zK tcj>; äWX8=Z sO6%H_¤>< 獂&z(tH h&r=kIOׇ.[? [ G`r\ɭ5E0kwMGHb1(=զρC/Y\7 )@}> nȲc@5\'1nUK\4fX3yo='.0bjjw:ϧHڶES}77BsݐC/2$\^&AB1 6d:l';/+PX[3R7)\EYbꞦ৚rH1g0dz7[Oq=137RtgZC+>q^i:[O%ZdY~݋pz9Tەi]jk-R?!d[g0 jQtTV0RHH*6@\Z3-# %>D!1~ha2(OpuCaC+[*+nS#0W4EJ,Yvn()z?Xr /XS؝z>\|:'{zL]?18]xyvO]?FB\S ˀ%\< MM̔>Y[ sD2|P\+PÜUru;˫ʰY]48Xq>O:z+@o{Lt Dm ǖ #}~BOO{b^ /D@dX(%Uql"zd\8˰De F;vm۽ t<05WKsY#gbNֳӐPS@1"^/t/U+/zO٘B# !W4q`* Z3l%3sGZ0.X^6>>ĦTQ߀*w Qքw& 0}{T:㽭 cA\$s gDrIa TWk\cй٩'7].KIlXxBS7ߏ90gxWyd.>3IV/ЪZZ:_ _2t0Ft!/cԧ8HȺ`@Br]TՑG7`sc'(bh6B\4<}gS(z`0$ 7Eඩ 9]P˶(dԈ̀|d0+nC-<֜H)XL MafFžiJm^RK{m7xE0TqVf1"FcwwŎjI,R܏sxbl՟Kh2h +RSJb/ 86a!o-";<^5P,4/E3p3eȊt0FyX!6 kq0n,|"8wDA$ۭ'VӿW}k-.T%"c^.2|Y_xޘGci }SU!ӔRe)6ڴCiA/omoj&l؞M[e,7;:PfX0ީ*~sřX:%Vrz ,q>tOM5:Ҳh b2}O,KeGQվn1TʵRM( 1CK9MLtuL B LKBw?dB[uN,@ m|CZOTK!I#y0×wg o@@lB=29bIw :Zu;a޺-XLh;γCX vIW4cV*J7eFV*NV$,< ?>7{d',jLGI4~&.rO%WW C Ϛϸ_@|/0_jY 5`ZV-~#0 9LƈQ@Z#GY`Y.|eժR+~8L3Az' vB:q-L6MR),9Je&_/$[ ir}e$ $"zJ3.=2 杨V*UYy48'ov/?Bﵺ01A AI2@"JCߵ?$s?l4F:w~ݕDwo;]wۃR^Ib λg sKuϥ_Awq@Dмp:κ~_+Kxl4Խhwq@*V'?}hKև?NeF&;fB,&8oIzqO'^i{{j+ms2.dٞhQo0 8筫 %Y7;$g݋u oлo=rH.κ.X"GB9>봮S|OM1fpRb s cn`&zi)䯎w\qb`NZ _k=W&7hafu0e2yy_aݪ,$20& Iku:;-   cJ=!ohwgѱ{k D bT0_RJI"Q,9]8Q9%l7 FWE's~iV T t6~O+0{pңXJL;Dzg{Nlp luYcrFv4-3_{w jEާPZIRB9oũ-xOӆO\(]ax!um q%՝r"n SAٸEO[ ,4mfSs$S)"ϔ 5-cye5)a5R!MLCYOC/ $f;R!.9YebsڀĴ&{6g Kn_"9#Y6[ VMG_8_`t[g",G7O4D\8!- Pݷ͆ܓ̆ݿwA]iNw7LUFᚎxP>?+$c:I"IQU֫UdU)I}Y)DǛ)G8GxL_uoǥ4LZ(?n[4-Ï G!e,`@K~tU˵Zr'F- ~ĶbRez@ )'{WX40:K,8,<8[ s*i U.}Zݠ$>r%LjuU .@plF0;* aLl[(gg_BD=9ͧzdfIHZm_jO'Rr-a2#_FBaϊK{L/k҉I׮w3M/q\Ytm a.“.A$1ۯE/+[QXUM)Rb0L%ޓ`b=rXc|O$W!6b$rG-~εs^~9wisd0n9av@:vM*Bb2<">#0@{D@"2 l9/8vn9#BɦoEJ{4G|¶V&iM ~j۶&1 1`8~6% s QĦǛ3fvVTPC*P*YTvyKqN" w~a~a~a~a>Z>X^+3+|v)PtI=]­Lx r^?owږ?ּo` [ a |4lD-0o![z_g^M͗!%j/MH ؝Ax]so-`š=4' -Ԥ. ꌗAeF 6JFI(hVj + |iRH,gqmnH}_8ҥ@eɼ}>0k [Cd9"@,i _ aZ"Sb{L4gC)FR_I\w4>qKݟ-UfTRg P"e\ŀ~% T$5ↄWyiexĕ ">=2 0 $a+S[}4nsN3ܧaB8BC 0R/l[jc0E3c ^ ǖ;f^sW{B% 7%{Fh-/ _ IfGzl aH뉧c){*bO}3m]oQ9N9N9N9NriYiq*2`@t $KdjV|L-ZR}]灺$G"Z<݋ [=uo冖Dkd?LS*1?b6+,0){r+#*1'{P~/ ܹU +˿14@ !6T;WC4O{4Mܴם77Jt7)i60$dh RQ!B0z1.`ܼ;rc/.=6IT:mcacl2xHie<}qRȚyjۚNf4v=\76bsFH%[g3??58~}ڠNAU$4ulW*} ХcQkklQ~%ow8$A" a@2yYmtυKy;߃J#*Zom)YC9 tφ7YUV\Vs;mkB *ڋք8_|Zë20KHɚ3nzATZSh~7|d62S+Ys^II-ڦ/h `|F0 c l SG(W#~s@VE~[GV̽+I敲b;`B֭":f6 d&pj2Q/Nd [IHgsS8W"PcEX1,-i^da{]ì'Vᆂȟ zs݃^&]ݽ]T+\&ܺF&?I _BK{~i >G-N F/*`l{;pOȦ}S&Lm 0 Ŭh61b\K}͝~KeSSٿcGi=2݀`*k+H$-sO| 9[ьJCMwĭA:@~XPAfXt~D)(1Kl=Mݟ)*b ?B~LuM|'z#o?&A&Su(,1Nt a<R-,:_{EoJ! <5Х=d=Nw Ȯ`O8av^P|l:.?jj}:.#-^q I YW qCvK rΗGâ$G#0k~'n"j\;jsųr&"&JjidI}$F₧tEϽcDh긾\s[a0V'gB8AXJrXDJŇ!^ "K&5Dy3t{eaŰ1fSYh9u]!f11ǜSS1s\:$VG ]I1xy[/M֘0HtL'f<::BMDEmWUBhx#-F55Rhs´5̈Gbv \mz^C*J[7^6.W@O[jkhDP"ͪND pdͺMȓPc-* ;,A[e>5=$7[+`65&OR!g@%UX7\ 0.5)lW/ժP+)ZC;ڊo4JzKƉ$&SX^7`t jg~R݈,, <W0~ 1Xb ֿ&|Ɍ:-Ci O׈1c$<+DU<11t#PγjNT\OpY˘|VZ_ܰJ7o8gt$rkqCL9 W}e_)a#{C~b #:- Z Uy-F(ЄG#ws3Uϸt:sxXҚ^C. Q? {pbZ1Ř!&"c |Y^sL{S{9%!Kq{E;y@ƨb)qF(`WE7@,G,(Ϗpk'TJTmn$>9[x]ČS,,2E<ezw?,Gwe~7l7 r[fV"pRty 6t0QS=1U&F > c8[7'ΥIE^~|N]ƒ $Bq0Ӝhpu!oX2|%{xCbRWkJ%|uweX &zDf/ͪG2qƥ&JZ J`xFA dhz߃[XG|LBz،P 0D39]9tHQ{9.QwG5} 'ZOGݪ;GE{1(4O,41F;6M&ƋBrde(AN.Zf,(NL3\H^Eƒ,^;KKvE3@cqy^ Eyx#U6üzUzuLǬSOA~ݾZ>ZNAw|vuQŚΧ6q@Q*1}P܄qP ";g]t Фo%u[g@g9?C9_KN_eR[9=(#ۀv'ʏO?'9cviAS(?)-sa~/r".`.r#z _z92>.˜~r猿7ȡ?>'(W3OO9rsڿΡ=>k]T(RhK "S^9,.NruxvYYj7m(ϋ1y}³2AC:*k6:5Q3[ %C8{yU?f49x|fOvHu6l}谇b(O4Tq< 5'pJ!J81|fZg~NqbB]Q[t=ӯ.h ;םCö0A H5ZUj;_" #>DMjJUNmժ~\,.g /(@#غ7M{%}C7"8fȳRLq u+J!'\Bx{!22fdof2 %aw8agI5@98L@,(sY^FlO\B/#Vw-_iǤK4l!%KlŜʹ1vu̿6Mp]G ?n 3Εy Ʊ تGnѨscx uY+8]7tճmb-]3K~כxR Hvx*8AL:LĞ_ =>ZoTù(++Є0, {+2‡_JdԦE^ ϫma?>V@U}Ì# 1,;ԟ#1H YY/¯wptѷkd9HR=I*4uMfβِ)"szlo%0)% KlCYo =c*u b9?"ㅰx߃! TL,sD?>K:#;31QTZ= v,8^z'ϓޒ{ƾ( ;C`HA1^Q$L{x Cr8vI 96%O-  `⎈MW6i֘H\*,Elf  ΋?HLwKCNatK2#Q!*]^x9@xmҵh_ɬnQ|1-%/#=^Fc`p ۂ{Xi[JpC)tO˟M˰CVx3AEk^rXտ$=q얢unDUfxlw6 ^chX$֬-"K1GNg=zk|XKzBM萻kÔ{y0ѕD1F(-f,1s,@< փ LW=`#hxj"nh1 d'kI )}ɦbGnԌaBbv L$g8% S^೐b,/A,TT/D4;NB}aEtLR<'\B1,#6ĊN|]r1Nʓ@:iw>Jz{`g~K'O(QF2p:8XS|;]`֍^z:UE[ +K- QwA0}e^|HVzvS&ȕ/2f#oUAޚ[fCժZ-Nbj~ۊ#iQf8&rYOrѥ;7 P%Oa6%s\ɜKRSk$5WYViQ}&' Cfaa؄;66BJF:6L]_[ P֔*o)