Patch/Configuration Management, Vulnerability Management

Microsoft Excel zero-day flaw workaround released

Microsoft released a workaround on Monday for the recently discovered zero-day flaw in Microsoft Excel that could allow remote code execution.

The software giant recommended that Excel users not open or save program files sent from un-trusted sources.

Last week, just a few days after Microsoft released its monthly Patch Tuesday security bulletin, Mike Reavy of the Microsoft Security Response Center said on a company blog that it had only "received a single report from a customer being impacted by an attack using a new vulnerability in Microsoft Excel."

Affected users must be duped into opening malicious files via social engineering methods, according to Microsoft.

"In a web-based attack scenario, an attacker would have to host a website that contains an Excel file that is used to attempt to exploit this vulnerability," states Microsoft’s workaround advice. "An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to persuade them to visit the website, typically by getting them to click a link that takes them to the attacker’s site."

If a malicious user is successful in infecting a PC, he or she could gain the same user rights as the local user, according to Microsoft.

The Redmond, Wash., based company also recommended the following workarounds:

  • Prevent Excel repair mode in Excel 2003 by modifying the Access Control List to the Excel Resiliency registry key;
  • Block all Excel file types at the email gateway;
  • Block the ability to open Excel documents from Outlook as attachments, websites and the file system directory by removing the registry keys that associate the Excel documents with the Excel application.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.