Security Alert: Microsoft Warns of Excel Zero-day Vulnerability

Microsoft posted a warning on Friday stating that a previously unknown flaw in Excel is being exploited by opening a malicious Excel document. The vulnerability is considered extremely critical because, according to a prepared statement from Secure Elements, it is locally and remotely exploitable by Trojan.Mdropper.J, which drops Downloader.Booli.A on the affected system. No patches or workarounds are currently available.


Advertisement


It is advised to use caution when opening Microsoft Excel documents that are sent as attachments via email or otherwise received from an un-verified or trusted source. It is also highly recommended that anti-virus software with up-to-date virus definitions is present on all systems with email capability.

Detection has been added to the Windows Live Safety Center for up-to-date removal of malicious software that attempts to exploit the vulnerability. Information is also being actively shared with Microsoft Security Response Alliance partners so their detection can be updated to detect and remove attacks as well.

“There is a flaw in Microsoft Excel that has allowed virus creators to create a specially crafted Excel document, that, when opened by a user, causes a users PC to download and install a Trojan horse which essentially allows an attacker to take over the PC,” Scott Carpenter, Director of the Security Labs at Secure Elements. “This type of targeted attack requires some form of user interaction similar to a current upward trend in similarly styled attacks. I am sure it is not by accident that this virus was timed to be deployed immediately after Microsoft patch Tuesday. In recent similar attacks, Microsoft has not issued an out of cycle patch. The exploit’s immediate release after patch Tuesday is evidently designed to take advantage of a full month before Microsoft is scheduled to patch it.”

Systems impacted include:

  • Microsoft Windows Excel 2000
  • Microsoft Windows Excel 2002
  • Microsoft Windows Excel 2003
  • Microsoft Office 2000
  • Microsoft Office XP
  • Microsoft Office 2003

Secure Elements, based in Northern Virginia, develops innovative products to evolve the way organizations achieve IT security compliance. The company serves organizations in the federal government, critical infrastructure markets and Global 1000 companies, enabling them to audit, evaluate, and comply with internal, industry and regulatory policies.

You may like these other stories...

Curious as to what the fastest-growing accounting and finance jobs might be for the next several years? According to the new 2015 Salary Guide from staffing firm Accounting Principles, some of those jobs include bookkeeping...
An increase in hiring of accounting and finance professionals can be expected in the next 12 months, according to a recently released jobs outlook from staffing firm Brilliant.Brilliant, in conjunction with Richard Curtin,...
2013 marked the third consecutive year CPA firms in the United States saw a spike in annual revenues, according to the latest national practice management benchmarking survey by The Rosenberg Associates Ltd. and The Growth...

Already a member? log in here.

Upcoming CPE Webinars

Oct 30Many Excel users have a love-hate relationship with workbook links.
Nov 5Join CPA thought leader and peer reviewer Rob Cameron and learn ways to improve the outcome of your peer reviews while maximizing the value of your engagement workflow.
Nov 12This webcast presents basic principles of revenue recognition, including new ASU 2014-09 for the contract method. Also, CPAs in industries who want a refresher on revenue accounting standards will benefit.
Nov 18In this session Excel expert David Ringstrom, CPA tackles what to do when bad things happen to good spreadsheets.