New Excel Vulnerability Surfaces
New Excel Vulnerability Surfaces
January 21, 2008: Microsoft has announced that a security vulnerability has emerged in Excel, a core part of its Office productivity suite, enabling hackers to take over both Windows PCs and Apple Macs.
Microsoft issued a security advisory last week, warning of the vulnerability and saying that Office Excel 2003 Service Pack 2, Excel Viewer 2003, Excel 2002, Excel 2000 and Excel 2004 for Mac are all thought to be vulnerable at this point in time.
In its official security blog, Microsoft claims that the attacks appear to be targeted, and not widespread, with hackers using techniques such as tricking a user into downloading and running a Excel .xls file containing an exploit upon visiting a malicious website.
The company says that an attacker who successfully exploits the vulnerability could “gain the same user rights as the local user”, enabling them to install or uninstall programs, or steal and delete files for example. Microsoft notes that users whose accounts are configured to have fewer user rights could be less affected than those who operate with administrative user rights.
Microsoft says that Office Excel 2003 Service Pack 3, Microsoft Office Excel 2007 and Microsoft Excel 2008 for Mac are not affected as they do not contain the vulnerable code, and recommends that user take standard cautionary measures such as running a firewall and antivirus program, while being careful to not open attachments in unsolicited emails or on unfamiliar websites.
Comment on this story