Excel zero-day flaw announced

Microsoft released a security advisory today about a new Excel vulnerability.

This vulnerability impacts all versions of Microsoft Excel from 2000 to 2007.

To exploit a system, the attacker needs to entice the user to open a malformed Excel document. If the user opens it, the attacker can then take any action on the target system in the context of the logged-on user. If the logged-on user is an administrator, the attacker can do anything they wish on the system (delete files, reformat the hard drive, steal information from the system, etc.). If the logged-on user is a ‘user’ on the system (and not an admin), the attacker has fewer options on the box (read data accessible to the end user, delete data written by the end user, etc.).

Microsoft is researching the issue and will probably create a patch to fix it.

This is similar to other Microsoft Office vulnerabilities, except that in this instance knowledge of the vulnerability has been made public before a patch is available. Shavlik encourages users not to open Excel documents from unknown senders or locations.
