Microsoft's security response center is recommending that companies consider blocking Excel spreadsheet attachments at the network perimeter or Email servers to stop targeted attacks that exploit an unpatched software vulnerability in the popular Microsoft Excel. The Redmond, Wash., software giant published a pre-patch advisory on June 19 with a list of workarounds that include blocking Excel file-types at the e-mail gateway. File extensions associated with the widely deployed Microsoft Excel program are: xls, xlt, xla, xlm, xlc, xlw, uxdc, csv, iqy, dqy, rqy, oqy, xll, xlb, slk, dif, xlk, xld, xlshtml, xlthtml and xlv.
The malicious Excel document is sent as an email attachment and a Microsoft representative wrote: "In order for this attack to be carried out, a user must first open a malicious Excel document. So remember to be very careful opening unsolicited attachments from both known and unknown sources." The malicious spreadsheet file contains a Trojan horse, called 'Mdropper.J', and program called 'Booli.A' that can download more malicious files to an infected PC.
Excel zero-day flaw Still Unpatched source
Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Excel 2003, Excel Viewer 2003, Excel 2002, Excel 2000, Microsoft Excel 2004 for Mac, and Microsoft Excel v. X for Mac. In order for this attack to be carried out, a user must first open a malicious Excel file attached to an e-mail or otherwise provided to them by an attacker.
As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live Safety Center today for up-to-date removal of malicious software that attempts to exploit this vulnerability.
Comment Preview