Microsoft Confirms Excel Zero-Day Attack Under Way

By Ryan Naraine  |  Posted 2006-06-16 Print this article Print

The software maker activates its security response process after learning that a Windows customer is the target of an attack against a new, undocumented Excel spreadsheet vulnerability.

Microsoft June 15 confirmed that a new, undocumented flaw in its widely used Excel spreadsheet program was being used in an attack against an unnamed target.

The company's warning comes less than a month after a code-execution hole in Microsoft Word was exploited in what is described as a "super, super targeted attack" against business interests overseas.

The back-to-back zero-day attacks closely resemble each other and suggest that well-organized criminals are conducting corporate espionage using critical flaws purchased from underground hackers.

In an entry posted to the MSRC (Microsoft Security Response Center) blog, Microsoft Operations Manager Mike Reavey said the company is investigating "a single report from a customer being impacted" by the latest attack.

"Here's what we know: In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an email attachment or otherwise provided to them by an attacker," Reavey said.

"Remember remember to be very careful opening unsolicited attachments from both known and unknown sources," he added.

Microsoft has activated its security response process, which means a formal security advisory will be issued within 24 hours to suggest mitigation guidance and possible pre-patch workarounds.

"We've got the Office team engaged of course, and they are hard at work investigating the vulnerability," Reavey said.

According to security alerts aggregator Secunia, the Excel flaw has been confirmed on a fully updated Windows XP SP (Service Pack) 2 system with Microsoft Excel 2003 SP2.

Anti-virus vendor Symantec said Windows 95, Windows 98, Windows Me, Windows NT and Windows 2000 computers are also at risk.

Symantec was the first to raise a red flag about the attack, which includes the use of a Trojan horse program called Trojan.Mdropper.J.

Read the full story on eWEEK.com: Microsoft Confirms Excel Zero-Day Attack Under Way


Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.