Microsoft Warns of Excel Zero-Day Attack

on

Microsoft Warns of Excel Zero-Day Attack




Redmond activates its security response process after learning
of a zero-day attack against a new, undocumented Excel spreadsheet vulnerability.

A
new, undocumented vulnerability in Microsoft's Excel spreadsheet program is
being used to launch computer attacks against specific targets, according
to a warning from the software maker.



The vulnerability, rated "extremely
critical" by Secunia, is being exploited to load a keylogger Trojan on select
targets, according to an anti-virus analyst tracking the latest attack.



The attackers are using booby-trapped Excel documents, sent by e-mail to
the target's mailbox.  If a rigged .xls document is launched, the exploit
happens silently in the background, infecting the machine with a Trojan downloader
that opens a backdoor and waits for instructions from a server controlled by
the attacker.




An advisory from
Redmond's security response center insists the attacks are very limited.



"At this time, we are aware only of targeted attacks that attempt to use this
vulnerability. Additionally, as the issue has not been publicly disclosed broadly,
we believe the risk at this time to be limited," the company said.



Microsoft said the flaw affects Microsoft Office Excel 2003 Service Pack 2, Microsoft
Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel
2000, and Microsoft Excel 2004 for Mac.



Desktop users running Microsoft Office Excel 2007 or Microsoft Excel 2008 for
Mac, or who have installed Microsoft Office Excel 2003 Service Pack 3 are not
affected by this vulnerability.



The company is urging customers who encounter strange Excel documents to contact
law enforcement agencies or report the issue to the Internet
Crime Complaint Center.




In the absence of a patch, Microsoft recommends that customers use its MOICE
(Microsoft Office Isolated Conversion Environment) tool to isolate exploits.



MOICE, available
as a free download, can be used in tandem with Group Policy settings to convert
documents in legacy (.doc) formats to OpenXML formats, stripping out potentially
harmful elements that could pose a potential security risk.



The conversion process takes place in a safe, quarantined sandbox environment,
so the user's computer is fully protected. MOICE currently supports the .doc,
.ppt, .pot, .pps, .xls, .xlt and .xla file formats.



Microsoft is also encouraging users to use the Microsoft Office File Block policy
to block the opening of Office 2003 and earlier documents from unknown or untrusted
sources and locations.