ZDNetAsia : Printer Friendly - New Excel zero-day flaw used in attacks

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Asia.
--------------------------------------------------------------

New Excel zero-day flaw used in attacks

By Joris Evers
Monday, June 19 2006 10:31 AM
URL: http://www.zdnetasia.com/news/security/0,39044215,39368787,00.htm

A new, yet-to-be-patched security vulnerability in Microsoft's Excel has been exploited in at least one targeted cyberattack, experts warned on Friday.

A malicious Excel document is sent as an e-mail attachment or otherwise delivered by the attacker to the intended victim, Microsoft said in a posting to its Security Response Center blog. The Redmond, Wash., software maker said it has received one report from a customer who had been hit by such a problem.

"In order for this attack to be carried out, a user must first open a malicious Excel document," a Microsoft representative wrote. "So remember to be very careful opening unsolicited attachments from both known and unknown sources."

Samples of malicious Excel files called "okN.xls" have been found, Symantec said in an advisory. The malicious spreadsheet file contains a Trojan horse, called "Mdropper.J," and program called "Booli.A" that can download more malicious files to an infected PC, the security company said.

"Attackers are actively exploiting this vulnerability in targeted attacks," Symantec said. The issue appears to affect all versions of Excel, including Excel 2003 and Excel 2000. If the attempt is successful, the intruder will gain full control over the targeted computer, the company said.

Word of the outbreak and of the new flaw comes just days after Microsoft released 12 security bulletins with fixes for 21 vulnerabilities in several of its products, including Office. Some experts believe the timing of the new attack is no coincidence.

"In recent similar attacks, Microsoft has not issued an out-of-cycle patch," Scott Carpenter, director of Security Labs at Secure Elements, said in a statement. "The exploit's immediate release after 'Patch Tuesday' is evidently designed to take advantage of a full month before Microsoft is scheduled to patch it."

In addition, the monthly set of patches Microsoft released Tuesday included a fix for a Word flaw that had already been used in targeted cyberattacks. Instead of issuing an out-of-cycle patch, Microsoft recommended that users be careful in opening Word documents and that they run the application in safe mode.

Microsoft has not said whether it plans to release a fix for the new Excel flaw. The software maker said it has added detection capabilities to its Windows Live Safety Center for removal of malicious software that attempts to exploit the vulnerability.