Late yesterday, Microsoft confirmed in a security advisory that hackers are exploiting a vulnerability that lies within several versions of the Excel. The vulnerability appears to be a previously unknown zero-day, and a successful attack could allow malicious code to be executed on a victim’s computer.
According to the Microsoft advisory, affected versions of Excel include: Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for Mac.
Microsoft downplayed the risk saying that the attacks appear to be targeted and not widespread. These types of attacks are usually delivered as attachments to emails, so it goes without saying that users should avoid opening unexpected email messages with attachments from unfamiliar sources. A fix is on the works, according to Microsoft, and it will be released either as part of its regular patch schedule or in an out-of-band release, “depending on customer impact.”