Security Architecture, Application security, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Patch/Configuration Management, Incident Response, TDR, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Excel exploit targets vulnerability in the wild

Microsoft this week warned Windows and Mac users that cyberattackers are remotely exploiting a flaw in Excel to take over computers.

The issue exists in Excel versions 2003 with Service Pack 2, Viewer 2003, 2002 and 2000 for Windows, as well as Excel 2004 for Mac, according to an advisory released Tuesday by Microsoft.

The flaw does not exist on Excel versions 2003 with Service Pack 3, 2007, 2007 with Service Pack 1 for Windows, and Excel 2008 for Mac, according to Microsoft.

The Redmond, Wash.-based software giant revealed that it is aware of only targeted attacks leveraging the flaw. Due to limited public knowledge, risk of exploitation is limited, according to Microsoft.

The issue is caused by a memory corruption error when handling header information, according to FrSIRT, the French Security Incident Response Team, which ranked the flaw as “critical.”

Secunia, a Copenhagen-based vulnerability monitoring organization, ranked the flaw “extremely critical,” meaning exploits seeking to run arbitrary code are in the wild.

US-CERT advised users to not open unfamiliar or unexpected email attachments and employ Microsoft's recommended workarounds.

The issue can be exploited via email or a specially crafted website. For a message-based attack, a victim would have to open an Excel attachment, while a web-based scenario exposes the user to exploitation from sites that feature user-created content, according to Microsoft, which urged users to employ the Office Isolated Conversion Environment or Office File Block Policy, if available, to view messages.

Bill Sisk, Microsoft Security Response communications manager, said Tuesday on a company blog that employees are working on a fix, but did not give a timeline for release.

“As part of our SSIRP [Software Security Incident Response Process], we currently have teams working to develop an update of appropriate quality for release in our regularly scheduled bulletin process or as an out-of-band update, depending on customer impact,” he said. “In the meantime, we encourage customers to review the advisory and implement the workarounds.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.