business software

02/05/2007, 7:20pm, EST

Monday, February 5th

MS warns of Excel 'zero-day' attack

Microsoft last week began warning users of new “zero-day” attacks using a vulnerability in Microsoft Office 2004 for Mac as well as Microsoft Office 2000, Microsoft Office XP, and Microsoft Office 2003. Specifically, the attack exploits a flaw Excel spreadsheet component of the business software suite and is rated as "extremely critical" by security firm Secunia, but Microsoft on Friday said that users are vulnerable if they open a any malicious Office file, indicating it may affect other components as well. "While we are currently only aware that Excel is the current attack vector, other Office applications are potentially vulnerable," the company said in a Microsoft Security Advisory posted to its website. Ironically, the warning comes days after Microsoft chairman Bill Gates attacked Mac security.

Security firm Secunia noted that the vulnerability is caused due to an unspecified error when handling strings and can be exploited to cause a memory corruption and that warned that successful exploitation allows execution of arbitary code, resulted in a compromised user system.

"As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability," Microsoft said in its security advisory.

The company said it would provide free tech support to customers who believe they are affected by the zero-day attacks, noting that there is no charge for support calls that are associated with security updates. A zero-day attack is one that exposes software bugs before they have been patched.

Although the world's largest software company said it is developing a security update for Office that addresses this vulnerability, it provided no time frame and could only tell users not to open files from untrusted sources.


Filed under: software
Other story tags: business software

, , 6comments, del.icio.us, slashdot, digg, buzz


6 comments
Reader Reactions (Please use <i></i> for italic text)

subscribe to comments
for this article




Expand All   Global Settings
hmm
0
02/05, 8:17pm, EST
Common sense would tell you not to open files from ANY untrusted source. What f**kin' idiots!
Forum Regular
Joined Feb 2000
User is offline
FUBG
0
02/05, 8:51pm, EST
"Although the world's largest software company said it is developing a security update for Office that addresses this vulnerability, it provided no time frame and could only tell users not to open files from untrusted sources."

I don't know about you but I think it's about time for a hissy fit from Bill Gates about all those horrible lies people are telling about insecure Microsuck software and OS's.
Fresh-Faced Recruit
Joined Sep 2001
User is offline
Bill Gates said...
0
02/05, 9:44pm, EST
That hackers attack the Mac every day. What he left out was that they do so through M$ software flaws. What a jackhole!
Fresh-Faced Recruit
Joined Apr 2005
User is offline
Gates
0
02/06, 12:40am, EST
Billy is right - look, he has proof that the Mac is just as insecure as Windows. He proved it by providing the same security holes in his crappy Office Suite for Mac and Windows. Ha, Ha...see the Mac is not secure....see it has viruses too....see, it can be attacked.

Bill, take your medication and stop screwing up my OS. Oh, and not only is Excel insecure, but it sucks like your other software.

Why do the sheep in this world keep buying this junk.
Fresh-Faced Recruit
Joined Jul 2004
User is offline
whatever
0
02/06, 12:58am, EST
Ironically, the warning comes days after Microsoft chairman Bill Gates attacked Mac security.

Ironically, this has nothing to do with the fact that Bill Gates attacked mac security (sic). Plus its a good thing that Microsoft has acknowledged the problem and is working on it, since so many Mac users depend on office to do their work.
Fresh-Faced Recruit
Joined Jan 2007
User is offline
re: whatever
0
02/06, 9:18am, EST
"Plus its a good thing that Microsoft has acknowledged the problem and is working on it, since so many Mac users depend on office to do their work."

Yes they are working on it... and one of these days they will get around to patching it...

"Although the world's largest software company said it is developing a security update for Office that addresses this vulnerability, it provided no time frame"
Fresh-Faced Recruit
Joined Sep 2001
User is offline
Your Comments

In order to post comments: If you are a registered member, please login with your MacNN Forums username and password otherwise please uncheck the checkbox below.


Registered Member?
macnn forums login:

macnn forums password:

Not a member of the MacNN forums? Register now for free.

RSS Feeds

Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.



  MacNN -all

  MacNN Reviews

  MacNN Podcasts

  iPodNN

  Electronista

  Left Lane News

Check Out the VIERA from Panasonic!: Enter a New Visual Era with Panasonic VIERA HDTVs. An Enhanced Experience.

Join The MyView IT Research Panel: Members will receive opportunities to take part in surveys from today's leading businesses.

Get an IT Degree Online: Get solid credentials. Take your hobby to the next level. Adult Programs. Affordable.

Buy from The Apple Store, iTunes.com, Amazon.com, TechDepot, OfficeDepot, Computers4Sure, or donate.