On MovieTome: TRANSFORMERS 2 has THE TOUCH!
BNET Business Network:
BNET
TechRepublic
ZDNet
98 TalkBacks

By Joris Evers
Posted on ZDNet News: Jun 16, 2006 5:14:00 PM

A new, yet-to-be-patched security vulnerability in Microsoft's Excel has been exploited in at least one targeted cyberattack, experts warned on Friday.

A malicious Excel document is sent as an e-mail attachment or otherwise delivered by the attacker to the intended victim, Microsoft said in a posting to its Security Response Center blog. The Redmond, Wash., software maker said it has received one report from a customer who had been hit by such a problem.

"In order for this attack to be carried out, a user must first open a malicious Excel document," a Microsoft representative wrote. "So remember to be very careful opening unsolicited attachments from both known and unknown sources."

Samples of malicious Excel files called "okN.xls" have been found, Symantec said in an advisory. The malicious spreadsheet file contains a Trojan horse, called "Mdropper.J," and program called "Booli.A" that can download more malicious files to an infected PC, the security company said.

"Attackers are actively exploiting this vulnerability in targeted attacks," Symantec said. The issue appears to affect all versions of Excel, including Excel 2003 and Excel 2000. If the attempt is successful, the intruder will gain full control over the targeted computer, the company said.

Word of the outbreak and of the new flaw comes just days after Microsoft released 12 security bulletins with fixes for 21 vulnerabilities in several of its products, including Office. Some experts believe the timing of the new attack is no coincidence.

"In recent similar attacks, Microsoft has not issued an out-of-cycle patch," Scott Carpenter, director of Security Labs at Secure Elements, said in a statement. "The exploit's immediate release after 'Patch Tuesday' is evidently designed to take advantage of a full month before Microsoft is scheduled to patch it."

In addition, the monthly set of patches Microsoft released Tuesday included a fix for a Word flaw that had already been used in targeted cyberattacks. Instead of issuing an out-of-cycle patch, Microsoft recommended that users be careful in opening Word documents and that they run the application in safe mode.

Microsoft has not said whether it plans to release a fix for the new Excel flaw. The software maker said it has added detection capabilities to its Windows Live Safety Center for removal of malicious software that attempts to exploit the vulnerability.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 98 Talkback(s)
Scince XP SP2 and Win Defender
NT (Read the rest)
Posted by: Cayble Posted on: 06/30/06 You are currently: a Guest | | Terms of Use
Well then, those Google Spreadsheets are right on time  Boot_Agnostic | 06/16/06
Google is behind this!!  NonZealot | 06/16/06
It was one of them  Boot_Agnostic | 06/16/06
Your such an idiot!  Linux User 147560 | 06/16/06
I was expecting something better than this Non-Zealot.  I'm Ye, the MS SHILL . | 06/17/06
Who needs Google spyware?  georgep_z | 06/16/06
Your web browser would have to have a flaw for Google spyware  quantumstate | 06/16/06
Google Spreadsheets are just a toy so far but...  jason.mailley | 06/16/06
just the tip of the iceberg  not of this world | 06/16/06
Why is it, so incredibly hard for MS to completely patch  michael_t | 06/16/06
Why is it the only people that are complaining ...  ShadeTree | 06/16/06
Linux Luddites?  techboy_z | 06/16/06
Now now  NonZealot | 06/16/06
Let me take some of this back  NonZealot | 06/16/06
Since..  cashaww | 06/17/06
Ask yourself why?  NonZealot | 06/19/06
Yes Linux Luddites.  ShadeTree | 06/19/06
Linux Luddites  uM0p ap!sdn | 06/19/06
ok  Jack-Booted EULA | 06/16/06
You use name calling because you are incapable to reply as a  michael_t | 06/16/06
WOW!!!!  Code Poet | 06/16/06
Welcome to the "WeLoveourMS" Club  michael_t | 06/16/06
What are you talking about?  Code Poet | 06/16/06
Please let me explain...  ShadeTree | 06/19/06
apology accepted but do not do it again !  michael_t | 06/19/06
For the record...  slingzenarrowzuvowtrayjissforchin | 06/16/06
It could be...  cashaww | 06/17/06
illegitimate & illiterate  Network Support | 06/17/06
well it seems to me you understand so little  Andric_D | 06/16/06
I am sorry that you shoot yourself in the foot, but before you blow  michael_t | 06/16/06
Here you go, read and weep  Cayble | 06/16/06
So even though what is state is "not very smart" why CANN'T you REPLY?  michael_t | 06/16/06
just copy the contents of this site in your reply  michael_t | 06/16/06
Cayble  Network Support | 06/17/06
Sorry, your too quick for me. I give.  Cayble | 06/17/06
Sure  tslocum7 | 06/19/06
Your questions are childish and yet very old.  Cayble | 06/16/06
Yet you failed to provide any definite and conlussive answer... why?  michael_t | 06/16/06
No Greek philosopher said that nonsense  Cayble | 06/16/06
You are a little too easy... wink follow your "wisdom" and don't get upset  michael_t | 06/16/06
What? Ha! Now your getting comical!  Cayble | 06/16/06
Iroonically,  michael_t | 06/16/06
You mised an important detail...  byeats | 06/19/06
that you are trying to spin the obvious away just to make MS look  michael_t | 06/19/06
To michael_t, the answer to your question  Cayble | 06/19/06
Sorry..  cashaww | 06/17/06
Sorry, but I said all that, in one way or another  Cayble | 06/17/06
????  tslocum7 | 06/19/06
Scince XP SP2 and Win Defender  Cayble | 06/30/06
You ask why?  GreyGeek | 06/17/06
Real Security is a HW and SW issue  bazimmerman | 06/18/06
Just shows...  Cardinal_Bill | 06/16/06
Diversion tactics!!!  techboy_z | 06/16/06
Concentrate on XP not Vista  RicD_ | 06/16/06
M$ gave up on XP years ago.  Mr. Roboto | 06/17/06
Gave up on XP? What about SP2?  PB_z | 06/22/06
Like I said, you are about 100x safer with OpenOffice. You will also save a  DonnieBoy | 06/16/06
your even safer with a calculator  corticus | 06/16/06
Actually, safer with a slide rule. But, you get full functionality with OO,  DonnieBoy | 06/17/06
Full functionality?  KTLA | 06/18/06
If by saving a fortune  mdemuth | 06/16/06
Receiving paycheck from Microsoft  jason.mailley | 06/16/06
Conversion is a one time expense. Microsoft software assurance is forever.  DonnieBoy | 06/17/06
Another of ZD Net's "Zero Day Trolls"  Code Poet | 06/16/06
"open in safe mode"  davidr69 | 06/16/06
Every time MS BOTCHED development resurfaces, the USUAL  michael_t | 06/16/06
What's up with that?  Code Poet | 06/16/06
You can not fool anybody ... poet; You SIDESTEPPED  michael_t | 06/16/06
Dude...  Code Poet | 06/16/06
Hahaha ... that's a good one ....  michael_t | 06/16/06
Whats up is  Network Support | 06/17/06
are you kidding me? Do you term "alot" by three or four?  warezdog | 06/19/06
if only was so simple  Andric_D | 06/16/06
Apparently it is simpler for others than you.  michael_t | 06/16/06
Yes...  cashaww | 06/17/06
Well, Michael_T,  MageOfChaos | 06/18/06
For clarity,  MageOfChaos | 06/18/06
you and "clarity"? Isn't this wishful thinking ?  michael_t | 06/19/06
Your message applies perfectly to you happy Is this a conicidence  michael_t | 06/19/06
Well, Mikey,  MageOfChaos | 06/19/06
I am sorry, I guess the message was not clear enough (with all the chaos  michael_t | 06/20/06
Not relevant...  Mike Cox | 06/16/06
Clicks? Is that all you do?  gardoglee | 06/16/06
9.5  Network Support | 06/17/06
Ya, Mikey is a real hoot  Cayble | 06/17/06
Relevant  TheHonestTruth | 06/16/06
Even MORE incredible, of course...  deej_z | 06/16/06
RE: Even MORE incredible, of course...  richdave | 06/16/06
If I had Mike's luck out on the lake...  John Zern | 06/16/06
Good advice Mike ,  I'm Ye, the MS SHILL . | 06/17/06
Well, Root,  MageOfChaos | 06/18/06
New Excel zero-day flaw used in attacks  phburks | 06/16/06
Not quite ALL versions of Excel  AldoWatts | 06/16/06
Excel X for Mac?  gfeier | 06/17/06
Simplicity  jasexjase | 06/17/06
They made your bed, You have to sleep in it  jonathan swift | 06/19/06
If they made anything else they'd be outta business  warezdog | 06/19/06
I like the fact tha MS is trying to compete with Google's search  michael_t | 06/19/06

What do you think?

SmartPlanet

advertisement
Click Here