Security Alert: Microsoft Warns of Excel Zero-day Vulnerability

Microsoft posted a warning on Friday stating that a previously unknown flaw in Excel is being exploited when users open a malicious Excel document. The vulnerability is considered extremely critical because, according to a prepared statement from Secure Elements, it is locally and remotely exploitable by Trojan.Mdropper.J, which drops Downloader.Booli.A on the affected system. No patches or workarounds are currently available.


Users are advised to use caution when opening Microsoft Excel documents that are sent as email attachments or otherwise received from an unverified or untrusted source. It is also highly recommended that anti-virus software with up-to-date virus definitions be present on all systems with email capability.

Detection has been added to the Windows Live Safety Center for up-to-date removal of malicious software that attempts to exploit the vulnerability. Information is also being actively shared with Microsoft Security Response Alliance partners so their detection can be updated to detect and remove attacks as well.

“There is a flaw in Microsoft Excel that has allowed virus creators to create a specially crafted Excel document that, when opened by a user, causes a user's PC to download and install a Trojan horse which essentially allows an attacker to take over the PC,” said Scott Carpenter, Director of the Security Labs at Secure Elements. “This type of targeted attack requires some form of user interaction similar to a current upward trend in similarly styled attacks. I am sure it is not by accident that this virus was timed to be deployed immediately after Microsoft Patch Tuesday. In recent similar attacks, Microsoft has not issued an out-of-cycle patch. The exploit’s immediate release after Patch Tuesday is evidently designed to take advantage of a full month before Microsoft is scheduled to patch it.”

Systems impacted include:

  • Microsoft Windows Excel 2000
  • Microsoft Windows Excel 2002
  • Microsoft Windows Excel 2003
  • Microsoft Office 2000
  • Microsoft Office XP
  • Microsoft Office 2003

Secure Elements, based in Northern Virginia, develops innovative products to evolve the way organizations achieve IT security compliance. The company serves organizations in the federal government, critical infrastructure markets and Global 1000 companies, enabling them to audit, evaluate, and comply with internal, industry and regulatory policies.
