[ insider_reports_insider ]
Office Zero-Day Still Plaguing Users
David Utter
Staff Writer
2007-02-06
 Insider Reports RSS Feed
Although the most recent zero-day exploit affects Microsoft Office, Excel has been the most frequently targeted application for attacks against this latest vulnerability.
 | | Office Zero-Day Still Plaguing Users |  |
An unspecified string handling issue in Microsoft Office has opened the gates to another set of exploits. Tracking site Secunia said those attackers have mostly stuck to trying their efforts against the spreadsheet program, Excel.
For the exploit to take place, a person first has to open a document crafted to affect the flaw. Avoiding opening untrusted documents should stop much of the threat from this attack.
Microsoft said in its advisory that the vulnerability is in Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, and Microsoft Office 2004 for Mac.
Alexandra Huft at Microsoft also confirmed the active exploitation of the flaw via Microsoft's Security Response Center blog. "We are aware of very limited, targeted attacks attempting to use the vulnerability reported," she wrote.
This new exploit comes shortly before Microsoft's scheduled update on February 13th. Microsoft routinely issues patches for its products when needed on the second Tuesday of each month. Through much of 2006, zero-day exploits became known in the period right around the update day for several months in a row.
Typical antivirus products should have an update to their signature files by now to detect and remove this threat, dubbed Exploit-MSExcel.h by McAfee.
---
Tag: Excel
Add to  Del.icio.us |  Digg |  Reddit |  Furl
Get all the updates - 
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
