More bad news from the security front, as of yesterday Microsoft has confirmed that a new, fairly serious security vulnerability has been discovered in Excel, and that it has already been used to attack specific companies. The flaw allows code execution, which could of course could make the machine be led to do anything the attackers wanted. Microsoft is claiming that these targeted attacks are being developed for “corporate espionage”, and that there was only a single report of a successful attack using this new method. It requires someone to open an office document, , though it could potentially be any office document sourced from anywhere. Most users typically think of a .doc or .xls as safe, making propagation of this attack more likely. So far, Microsoft is basically telling people to “play safe”:
"Here's what we know: In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an email attachment or otherwise provided to them by an attacker," Reavey said.
"Remember remember to be very careful opening unsolicited attachments from both known and unknown sources," he added.
Within 24 hours, Microsoft is supposed to have an official response to give to customers, providing temporary work-arounds or patches. All versions of Windows (from 95 to XP to 2003 SP2) are affected, and after a compromised file is opened, a worm called Downloader.Booli.A is installed. The big AV suite producers have already provided detection and removal in their suites.