The Channel logo

News

By | Lucy Sherriff 19th June 2006 10:06

Unwanted exposure for new Excel flaw

MS says 'be careful'

A new vulnerability in Microsoft's Excel has been exposed and exploited in a targeted attack, according to reports. Microsoft's security blog says at least one customer has been affected.

The software giant says for the exploit to work a user must open a malicious Excel document, and reminds its customers to "be very careful opening unsolicited attachments from both known and unknown sources".

The timing of the attack - just days after Microsoft's monthly "patch Tuesday" is thought to be more than mere coincidence. Scott Carpenter, director of Security Labs at Secure Elements told CNet that in recent similar attacks, the software giant has not issued an "out of cycle patch", and suggests the attackers wanted to "take advantage of a full month before Microsoft is scheduled to patch it".

Meanwhile, Symantec warns that attackers are actively exploiting the vulnerability. It says malicious files (called "okN.xls") have been found containing the Trojans Mdropper.J and Booli.A, which can download other files to an infected PC. The company warns that an attacker can take full control of a PC using the vulnerability.

Microsoft says its Windows Live Safety Centre now has detection capabilities for "up-to-date removal of malicious software that attempts to exploit the vulnerability". However, it has said nothing about when it plans to issue a fix. ®

alert Send corrections

Opinion

Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella
Stranded_ships

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral

Features

STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock
Honest mistake with your licensing? Audit police look at it on a 'case by case basis'