Security Alert: Microsoft Warns of Excel Zero-day Vulnerability

Microsoft posted a warning on Friday stating that a previously unknown flaw in Excel is being exploited by opening a malicious Excel document. The vulnerability is considered extremely critical because, according to a prepared statement from Secure Elements, it is locally and remotely exploitable by Trojan.Mdropper.J, which drops Downloader.Booli.A on the affected system. No patches or workarounds are currently available.


Advertisement


It is advised to use caution when opening Microsoft Excel documents that are sent as attachments via email or otherwise received from an un-verified or trusted source. It is also highly recommended that anti-virus software with up-to-date virus definitions is present on all systems with email capability.

Detection has been added to the Windows Live Safety Center for up-to-date removal of malicious software that attempts to exploit the vulnerability. Information is also being actively shared with Microsoft Security Response Alliance partners so their detection can be updated to detect and remove attacks as well.

“There is a flaw in Microsoft Excel that has allowed virus creators to create a specially crafted Excel document, that, when opened by a user, causes a users PC to download and install a Trojan horse which essentially allows an attacker to take over the PC,” Scott Carpenter, Director of the Security Labs at Secure Elements. “This type of targeted attack requires some form of user interaction similar to a current upward trend in similarly styled attacks. I am sure it is not by accident that this virus was timed to be deployed immediately after Microsoft patch Tuesday. In recent similar attacks, Microsoft has not issued an out of cycle patch. The exploit’s immediate release after patch Tuesday is evidently designed to take advantage of a full month before Microsoft is scheduled to patch it.”

Systems impacted include:

  • Microsoft Windows Excel 2000
  • Microsoft Windows Excel 2002
  • Microsoft Windows Excel 2003
  • Microsoft Office 2000
  • Microsoft Office XP
  • Microsoft Office 2003

Secure Elements, based in Northern Virginia, develops innovative products to evolve the way organizations achieve IT security compliance. The company serves organizations in the federal government, critical infrastructure markets and Global 1000 companies, enabling them to audit, evaluate, and comply with internal, industry and regulatory policies.

You may like these other stories...

With tomorrow being Tax Day, you might see some procrastinators at your office filling out forms, printing out paperwork, or getting last-minute tax advice from their accountant so they can meet the IRS’s filing...
You can read volumes on how to manage an accounting practice. But if you want the quick version, just read the following four points. Everything else is just commentary.  (These points come out of the 1997 book, The...
There is a growing trend of accountants moving away from traditional compliance work to more advisory work. Client demand is there, but it is up to the accountants to capitalize on that. What should accountants' roles be...

Upcoming CPE Webinars

Apr 17
In this exciting presentation Excel expert David H. Ringstrom, CPA shares tricks that you can use with pivot tables every day. Remember, either you work Excel, or it works you!
Apr 22
Is everyone at your organization meeting your client service expectations? Let client service expert, Kristen Rampe, CPA help you establish a reputation of top-tier service in every facet of your firm during this one hour webinar.
Apr 24
In this session Excel expert David Ringstrom, CPA introduces you to a powerful but underutilized macro feature in Excel.
Apr 25
This material focuses on the principles of accounting for non-profit organizations' revenues. It will include discussions of revenue recognition for cash and non-cash contributions as well as other revenues commonly received by non-profit organizations.