Public disclosure of a newly found vulnerability in several versions of the Microsoft Excel spreadsheet program has the software company racing to repair it.
When someone drops details of a flaw on the Internet, especially one related to remote code execution, it places users of the software at virtually immediate risk. With the software being Excel, arguably the most important piece of Office and in use on millions of desktops globally, the threat increases dramatically.
In the latest Microsoft security advisory, the company again took those responsible for publicly disclosing a vulnerability to task. "We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed," the advisory said.
There are arguments for and against such public disclosure. We won't recount those here, other than to note that once upon a time, software companies were not nearly as responsive to submitted security vulnerability reports as they are today.
In this latest advisory, several versions of Excel, including the Microsoft Office Excel Viewer 2003, could fall victim to an exploit. Microsoft said the vulnerability could be exploited when a user opens a specially crafted file.
To succeed, an attacker has to convince someone to open a malicious Excel file attached to an email. Alternatively, the file could be hosted on a website where the criminals would try to get people to download it.
Excel versions 2000 through 2007, and Excel 2004 and 2008 for Mac, suffer from the vulnerability. Microsoft has not decided whether to issue a fix as part of a monthly patch update, or to release an out-of-band patch. Microsoft rarely goes out-of-band with its updates; if this vulnerability is not being vigorously exploited, it's likely they will wait until February at the earliest to correct it.
About the Author: David Utter is a business and technology writer for SecurityProNews and WebProNews.