Security Alert: Microsoft Warns of Excel Zero-day Vulnerability

Posted by accountingweb on 286 printer friendly

Microsoft posted a warning on Friday stating that a previously unknown flaw in Excel is being exploited by opening a malicious Excel document. The vulnerability is considered extremely critical because, according to a prepared statement from Secure Elements, it is locally and remotely exploitable by Trojan.Mdropper.J, which drops Downloader.Booli.A on the affected system. No patches or workarounds are currently available.


Advertisement


It is advised to use caution when opening Microsoft Excel documents that are sent as attachments via email or otherwise received from an un-verified or trusted source. It is also highly recommended that anti-virus software with up-to-date virus definitions is present on all systems with email capability.

Detection has been added to the Windows Live Safety Center for up-to-date removal of malicious software that attempts to exploit the vulnerability. Information is also being actively shared with Microsoft Security Response Alliance partners so their detection can be updated to detect and remove attacks as well.

“There is a flaw in Microsoft Excel that has allowed virus creators to create a specially crafted Excel document, that, when opened by a user, causes a users PC to download and install a Trojan horse which essentially allows an attacker to take over the PC,” Scott Carpenter, Director of the Security Labs at Secure Elements. “This type of targeted attack requires some form of user interaction similar to a current upward trend in similarly styled attacks. I am sure it is not by accident that this virus was timed to be deployed immediately after Microsoft patch Tuesday. In recent similar attacks, Microsoft has not issued an out of cycle patch. The exploit’s immediate release after patch Tuesday is evidently designed to take advantage of a full month before Microsoft is scheduled to patch it.”

Systems impacted include:

  • Microsoft Windows Excel 2000
  • Microsoft Windows Excel 2002
  • Microsoft Windows Excel 2003
  • Microsoft Office 2000
  • Microsoft Office XP
  • Microsoft Office 2003

Secure Elements, based in Northern Virginia, develops innovative products to evolve the way organizations achieve IT security compliance. The company serves organizations in the federal government, critical infrastructure markets and Global 1000 companies, enabling them to audit, evaluate, and comply with internal, industry and regulatory policies.

Tags 
CFO
Excel
Excel tips
Practice Management
Technology

Voice of the Editor

What would you do if one of your clients won the lottery? We asked several accountants to weigh in with their advice for the lucky Powerball winner, and the tips we received are useful for anyone who receives a windfall, whether it's a lottery win, an inheritance, a big bonus on the job, or a killing in the stock market.
Read more
Gail Perry, CPA
Publisher/Editor-in-Chief, AccountingWEB
editor@accountingweb.com
ADVERTISEMENT

This Week on AccountingWEB

CPAs Mira Finé, Scott Hitchcock, Rob Keasal, Kathy Scorcio, and Ken Travis offer ten pieces of financial advice for the newest Powerball winner.
Hang Bower of BDO USA and Dan Black of Ernst & Young share their perspectives on why their firms made the Best Places to Work for Recent Grads 2013 list.
Herbein + Company, Inc. firm members talked with AccountingWEB about their year-round employee wellness program.
Bill Walter of Gross, Mendelsohn & Associates and Harold Gaar of TravisWolff LLP weigh in on mobile technology use while employees are at work.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT