Microsoft Warns Over Excel Flaw

By Nate Mook | Published June 20, 2006, 1:15 PM

Microsoft on Monday issued a security advisory for the vulnerability in Excel that was disclosed by the company's Security Response Center on Friday. According to Microsoft, zero-day attacks are being carried out against a vulnerability in Excel 2000, 2002, 2003 and Excel 2004 for Mac.

The exploit, currently being sent via e-mail, could give an attacker the same rights as a user, which could lead to a full system compromise. Although Excel 2002 and 2003 prompt a user before opening a potentially malicious Excel file, Excel 2000 does not.

Microsoft is currently investigating the issue, and has updated its Windows Live Safety Center with definitions to remove malware installed by the exploit. The Redmond company is also working with its security partners to make sure their products also detect an attack.

In the meantime, Microsoft says users can take a number of steps to protect themselves from the vulnerability. Excel 2003 users can prevent the software from entering "Repair Mode," which is where the attack takes place. However, this step requires manually editing the registry.

Administrators can also block all incoming Excel files at the gateway, or prevent Outlook from opening them as attachments. But this approach will not prevent a Web-based attack, Microsoft notes. Users can also remove the file association with Excel so that an XLS file cannot be opened by double-clicking it.
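The gateway mitigation above is easy to describe but worth seeing concretely, because a filter that only looks at the ".xls" extension is trivially bypassed by renaming the attachment. The following is an added example, not tooling from Microsoft or from this article: it parses a mail message, and flags an attachment as an Excel workbook either by its extension or by the OLE2 compound-document header that legacy binary Office files carry. The sample messages are constructed inline; the address domains and filenames are placeholders. As the article notes, such a filter does nothing for a file fetched over the Web.

```python
"""Gateway-style attachment filter that flags legacy Excel workbooks by name and by content.

Added example; not Microsoft's or Betanews' code. Sample messages below are constructed.
"""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Magic header of an OLE2 compound document, the container format of binary .xls files.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Extensions Excel registers for binary workbooks, templates and add-ins.
EXCEL_EXTENSIONS = {".xls", ".xlt", ".xla"}


def classify_attachment(filename, data):
    """Return the reasons this attachment looks like an Excel file (empty list if none)."""
    reasons = []
    name = (filename or "").lower()
    if any(name.endswith(ext) for ext in EXCEL_EXTENSIONS):
        reasons.append("extension")
    # Content check: an OLE2 header identifies a legacy Office container whatever the name says.
    if data[: len(OLE2_MAGIC)] == OLE2_MAGIC:
        reasons.append("ole2-header")
    return reasons


def scan_message(raw):
    """Parse an RFC 822 message; return [(filename, reasons)] for attachments that look like Excel."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        reasons = classify_attachment(part.get_filename(), data)
        if reasons:
            hits.append((part.get_filename(), reasons))
    return hits


def should_block(raw):
    """Gateway decision: block the message if any attachment is classified as Excel."""
    return bool(scan_message(raw))


def build_sample(filename, data):
    """Construct a minimal multipart message carrying one attachment (sample data, not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"   # placeholder address
    msg["To"] = "user@example.invalid"       # placeholder address
    msg["Subject"] = "quarterly numbers"
    msg.set_content("See attached.")
    msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed samples: a workbook named as such, a workbook renamed to hide its type, and plain text.
SAMPLE_XLS = build_sample("budget.xls", OLE2_MAGIC + b"\x00" * 64)
SAMPLE_RENAMED = build_sample("notes.txt", OLE2_MAGIC + b"\x00" * 64)
SAMPLE_TEXT = build_sample("readme.txt", b"just text\n")

if __name__ == "__main__":
    for label, raw in [("budget.xls", SAMPLE_XLS), ("renamed", SAMPLE_RENAMED), ("text", SAMPLE_TEXT)]:
        print(label, "BLOCK" if should_block(raw) else "allow", scan_message(raw))
```

The renamed sample is the case an extension-only rule misses: the header check catches it because Excel, like the Repair Mode path the article describes, is driven by the file's content rather than its name.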

It is likely that Microsoft will release a patch for the vulnerability in its next Patch Tuesday release slated for July 11.

"Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs," the company said in the advisory.

Comments


If I had 10,000 people at all times trying to hack my OS.. I'm sure they would find some flaws too. Get over it, MS doms the market.. it isn't going to change for a LONG time.

Score: 0


"Administrators can also block all incoming Excel files at the gateway, or prevent Outlook from opening them as attachments. But this approach will not prevent a Web-based attack, Microsoft notes. Users can also remove the association with Excel so an XLS file is not able to be opened."

Right, forget utilizing the software in your business for the purpose it was intended, you didn't really need to use it anyway, right?

Score: 0


How does it prevent usage?

Open Excel, click file, open, and browse to your file.

I understand it must be too hard for some folks to grasp, but for most folks, or any user with a decent admin, it'd be a non-issue.

Score: 0


And any decent admin would understand the increase of help desk resources and costs associated with correctly and accurately explaining to their users the new policy of opening an Excel file "after" opening Excel, instead of just browsing to a file in Explorer, using a shortcut, or using a workspace in SharePoint.

They will inevitably call saying Excel is broke.

Pray you're smart enough to disallow this new policy to the upper management staff, and that they're not expecting an excel spreadsheet from a customer, partner, or contractor outside the "gateway."

:rolleyes:

Score: 0


We disabled the XLS extension across the company about 2 weeks ago when this first appeared.

We have had one or two calls after our email was sent out to the users.

Keep in mind, though, our shop is probably *not* the baseline by which others should be judged. We actually *train* our users. ;)

The disabling of the extension was merely a stopgap in case one of our vendors logged in, though. Opening email attachments as a rule is a no-no. That's what we have shared folders and a network for.

Score: 0


We ignored the warning, and trust our AV vendors (gateway, email and client) and IDS defs will catch it all.

Score: 0


Hope that works for ya.

Score: 0


If MSFT is so concerned about this issue, why in the world would they wait three more weeks before releasing a patch?

My hunch is that we'll see some third party patches or workarounds in the interim.

Score: 0


Them's be called viruses, boy. ;)

Score: 0


We need a new model of protection. Office Live (where the application can be patched instantaneously or work around the flaw), but it's becoming apparent that if these flaws become public within a week before the current patch cycle, they don't get addressed. Definition reliance is good, but not great; there's lots of chance for false positives.

Score: 0
