Microsoft posted a warning on Friday stating that a previously unknown flaw in Excel is being exploited by opening a malicious Excel document. The vulnerability is considered extremely critical because, according to a prepared statement from Secure Elements, it is locally and remotely exploitable by Trojan.Mdropper.J, which drops Downloader.Booli.A on the affected system. No patches or workarounds are currently available.
It is advised to use caution when opening Microsoft Excel documents that are sent as attachments via email or otherwise received from an un-verified or trusted source. It is also highly recommended that anti-virus software with up-to-date virus definitions is present on all systems with email capability.
Detection has been added to the Windows Live Safety Center for up-to-date removal of malicious software that attempts to exploit the vulnerability. Information is also being actively shared with Microsoft Security Response Alliance partners so their detection can be updated to detect and remove attacks as well.
“There is a flaw in Microsoft Excel that has allowed virus creators to create a specially crafted Excel document, that, when opened by a user, causes a users PC to download and install a Trojan horse which essentially allows an attacker to take over the PC,” Scott Carpenter, Director of the Security Labs at Secure Elements. “This type of targeted attack requires some form of user interaction similar to a current upward trend in similarly styled attacks. I am sure it is not by accident that this virus was timed to be deployed immediately after Microsoft patch Tuesday. In recent similar attacks, Microsoft has not issued an out of cycle patch. The exploit’s immediate release after patch Tuesday is evidently designed to take advantage of a full month before Microsoft is scheduled to patch it.”
Systems impacted include:
- Microsoft Windows Excel 2000
- Microsoft Windows Excel 2002
- Microsoft Windows Excel 2003
- Microsoft Office 2000
- Microsoft Office XP
- Microsoft Office 2003
Secure Elements, based in Northern Virginia, develops innovative products to evolve the way organizations achieve IT security compliance. The company serves organizations in the federal government, critical infrastructure markets and Global 1000 companies, enabling them to audit, evaluate, and comply with internal, industry and regulatory policies.