MS Excel Users Susceptible to New Vulnerability

Dennis Faas's picture

Microsoft has warned users that yet another critical vulnerability has been found in its popular Office spreadsheet program Excel. The flaw could allow remote hackers to open and run malicious code on an unsuspecting user's computer through an infected spreadsheet file.

The attack effects users of Microsoft Office Excel 2007 but also those using any of the older binary .XLS files. A user opening a file, probably through an email, will be asked to open a malicious spreadsheet. They'll then begin downloading at least two files onto their system, one valid, the other the malicious binary. Once the new and infected file is opened, unsuspecting users will unfortunately execute a hidden Trojan horse downloader that could be used by hackers to log user keystrokes and any sensitive personal data, including financial information. (Source: arstechnica.com)

Attack could evade detection

Because the attack rather sneakily uses a valid document to mask its true intentions, many users -- even critical or cynical ones -- could be duped. In addition, security companies examining the attack have found that whoever designed it was wise enough to include weak encryption on the binary, meaning it has the potential to evade detection software.

Thankfully, attacks have not yet been widespread, most occurring in cases where the hacker had a specific target in mind. However, vice president of Symantec' Security Response Vincent Weafer doesn't believe that means anyone can let their guard down, particularly those most likely to be attacked: government or corporate officials.

The attack's design "shows that attackers are again looking at these common applications as a means of getting onto the system," Weafer insisted. "Typically if [the threat] is crafted, it tends to be very selective." (Source: crn.com)

Microsoft still working on a patch

Even though the majority of Excel users are unlikely to be attacked, security experts are insisting everyone remain vigilant. While Microsoft is still working on a specific patch at this time, users can strengthen the security of their shared applications with the latest updates while keeping firewalls up and antivirus programs up to date.

"The message here is, make sure you're paying attention to your patch updates for all of your applications on your desktop," Weafer said.

Rate this article: 
No votes yet