Microsoft warns of new 'Zero day' Excel 2003 vulnerability

A Microsoft Security Advisory note issued on January 15th revealed that Excel 2003 had been targeted by attacks on a previously unknown vulnerability.

The advisory provided few specific details, but explained that hackers would need to place a specially crafted Excel file on a Web site to launch an attack. Victims would be lured to the site by getting them to click a link in an e-mail or instant message.

The weak spot, which could allow hackers to run code on infected PCs, affects Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for Mac. Microsoft said that so far, users of Microsoft Office Excel 2007 and Excel 2008 for Mac, or those who had installed Microsoft Office Excel 2003 Service Pack 3 were not affected.

Users who have installed and are using the Office Document Open Confirmation Tool for Office 2000 will be prompted with Open, Save, or Cancel before opening a specially crafted document that is attempting to exploit this vulnerability.

"As the issue has not been publicly disclosed broadly, we believe the risk at this time to be limited," Microsoft said. Once it has investigated the wider impact of this new 'Zero day' (i.e. previously unreported) vulnerability, Microsoft would either provide a security update through its usual second Tuesday of the month release process, or issue an out-of-cycle security update if needed.

Reprinted from our sister site,

You may like these other stories...

Accountants who specialize in forensic and valuation services point to electronic data analysis, or big data, as the most pressing issue they’ll face in the coming months, according to results of a new survey released...
As complex as federal tax can get, at least you're only dealing with one agency: the IRS. But when you get into state and local sales tax, you're coordinating hundreds of jurisdictions that are constantly changing....
All that was needed on Tuesday was a voice vote for the House of Representatives to pass a bill that would prevent state and local governments from taxing access to the Internet.Now the ball is in the Senate’s court....

Upcoming CPE Webinars

Jul 31
In this session Excel expert David Ringstrom helps beginners get up to speed in Microsoft Excel. However, even experienced Excel users will learn some new tricks, particularly when David discusses under-utilized aspects of Excel.
Aug 5
This webcast will focus on accounting and disclosure policies for various types of consolidations and business combinations.