Excel Patch to be issued by Microsoft for new Excel Flaw
According to reports, Microsoft issued a warning last week that cyber-criminals have been exploiting a new flaw in Excel that has apparently affects several versions of its Office software including the version that runs on Apple’s Mac operating system.
Microsoft warned people through its security advisory that was issued last week, of a very limited zero-day attack. This zero-day attack it seems, takes advantage of vulnerabilities in the Excel spreadsheet program. The latest flaw apparently affects Microsoft Office 2000, Office 2003, Office XP and Office 2004 for computers that use Apple’s Mac operating system.
The vulnerability is caused due to an unspecified error when handling strings, and can be exploited to cause a memory corruption. That successful exploitation allows execution of arbitrary code, and this results in a compromised user system. Further, Microsoft said that attackers are sending e-mails with malicious Excel attachments, and are also hosting Web sites that have Office files, which attempt to take advantage of the security flaws. So, once an attacker exploits the vulnerabilities, he can gain control of the user’s system.
Microsoft also pointed out that the vulnerabilities might extend beyond Excel. The software giant also said that while they are currently only aware that Excel is the current attack vector, other Microsoft office applications are potentially vulnerable.
Microsoft is thus asking users to avoid opening or saving any Office files that come from unknown sources. Even Office files that are e-mailed unexpectedly from trusted sources may just be dangerous.
Microsoft also plans on providing free tech support to customers who believe that they may be affected by the zero-day attacks. Microsoft is expected to patch the flaw as soon as it released its next set of security updates which are due on February 13.
RSS |
Permanent Link
|
Del.icio.us
|
Cosmos
|
Digg
|
|
