Patch/Configuration Management, Vulnerability Management

Microsoft Excel target of new zero-day exploit

Attackers are exploiting a new zero-day vulnerability in Microsoft Excel, researchers said.

Microsoft on Friday released an advisory warning users that it is investigating reports of "very limited" exploits of Excel in Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, and Microsoft Office 2004 for Macintosh.

"This is an issue that could allow an attacker to execute code on a user's machine in their security context by convincing them to open a specially crafted Office document," Alexandra Huft said on the Microsoft Security Response Center blog.

Huft said Redmond currently is only aware of Excel serving as the vector, but she cautioned "the issue can affect all Office documents."

The new Office bug adds to a growing list of unpatched vulnerabilities in the popular application, including at least four affecting Word.

The next "Patch Tuesday" is scheduled for Feb. 13.

Click here to email reporter Dan Kaplan.


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.