toggle

AAPL Stock: 107.65 ( + 0.67 )

Printed from http://www.macnn.com

MS warns of Excel 'zero-day' attack

updated 07:20 pm EST, Mon February 5, 2007

Excel 'zero-day' attack

Microsoft last week began warning users of new "zero-day" attacks using a vulnerability in Microsoft Office 2004 for Mac as well as Microsoft Office 2000, Microsoft Office XP, and Microsoft Office 2003. Specifically, the attack exploits a flaw Excel spreadsheet component of the business software suite and is rated as "extremely critical" by security firm Secunia, but Microsoft on Friday said that users are vulnerable if they open a any malicious Office file, indicating it may affect other components as well. "While we are currently only aware that Excel is the current attack vector, other Office applications are potentially vulnerable," the company said in a Microsoft Security Advisory posted to its website. Ironically, the warning comes days after Microsoft chairman Bill Gates attacked Mac security.

Security firm Secunia noted that the vulnerability is caused due to an unspecified error when handling strings and can be exploited to cause a memory corruption and that warned that successful exploitation allows execution of arbitary code, resulted in a compromised user system.

"As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability," Microsoft said in its security advisory.

The company said it would provide free tech support to customers who believe they are affected by the zero-day attacks, noting that there is no charge for support calls that are associated with security updates. A zero-day attack is one that exposes software bugs before they have been patched.

Although the world's largest software company said it is developing a security update for Office that addresses this vulnerability, it provided no time frame and could only tell users not to open files from untrusted sources.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. iPond317

    Joined: Dec 1969

    0

    hmm

    Common sense would tell you not to open files from ANY untrusted source. What f**kin' idiots!

  1. climacs

    Joined: Dec 1969

    0

    FUBG

    "Although the world's largest software company said it is developing a security update for Office that addresses this vulnerability, it provided no time frame and could only tell users not to open files from untrusted sources."

    I don't know about you but I think it's about time for a hissy fit from Bill Gates about all those horrible lies people are telling about insecure Microsuck software and OS's.

  1. rvhernandez

    Joined: Dec 1969

    0

    Bill Gates said...

    That hackers attack the Mac every day. What he left out was that they do so through M$ software flaws. What a jackhole!

  1. ClevelandAdv

    Joined: Dec 1969

    0

    Gates

    Billy is right - look, he has proof that the Mac is just as insecure as Windows. He proved it by providing the same security holes in his crappy Office Suite for Mac and Windows. Ha, Ha...see the Mac is not secure....see it has viruses too....see, it can be attacked.

    Bill, take your medication and stop s******* up my OS. Oh, and not only is Excel insecure, but it sucks like your other software.

    Why do the sheep in this world keep buying this junk.

  1. tony_se1

    Joined: Dec 1969

    0

    whatever

    Ironically, the warning comes days after Microsoft chairman Bill Gates attacked Mac security.

    Ironically, this has nothing to do with the fact that Bill Gates attacked mac security (sic). Plus its a good thing that Microsoft has acknowledged the problem and is working on it, since so many Mac users depend on office to do their work.

  1. climacs

    Joined: Dec 1969

    0

    re: whatever

    "Plus its a good thing that Microsoft has acknowledged the problem and is working on it, since so many Mac users depend on office to do their work."

    Yes they are working on it... and one of these days they will get around to patching it...

    "Although the world's largest software company said it is developing a security update for Office that addresses this vulnerability, it provided no time frame"

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Tablo DVR

With over-the-top content options growing past Hulu and Netflix, consumers may be finding it harder to justify paying a monthly fee fo ...

Sound Blaster Roar Bluetooth speaker

There could very well be a new king of the hill for Bluetooth speakers, with Sound Blaster's recent entry into the marketplace. Bring ...

Kenu Airframe Plus

Simple, stylish and effective, the Kenu Airframe + portable car mount is the latest addition to Kenu's lineup. Released earlier this ...

toggle

Most Commented