Zero-day exploit in Excel
The Microsoft Security Response Center has acknowledged the existence of a vulnerability in Excel that attackers can exploit using crafted Excel files. Up until now, there has been only one report of a crafted, malicious Excel document. Security experts know this much about the vulnerability already: users have to open the manipulated Excel documents, which can reach the victim's computer as e-mail attachments or perhaps by other means.
According to the blog at the security portal SecuriTeam, the malicious Excel file exploits the security hole in Excel by creating and activating the Trojan dropper Trojan.Mdropper.J, and then injects the Trojan downloader Downloader.Booli.A onto the computer. Last month, its predecessors Mdropper.H and .I were used against the zero-day hole in Word, which Microsoft fixed on the last patch day. This new attack also resembles the one four weeks ago in other respects: once again, the attackers have sent out a small number of manipulated documents to employees of just one company.
In the meantime, Microsoft's security experts have developed detection routines for the manipulated Excel files for the Live Safety Center. The partners in Microsoft's Security Response Alliance also continue to be in close contact. Recipients of e-mails with Excel files attached should not open the attachments if they were not expecting them. Likewise, Excel files downloaded from untrustworthy sites should be deleted - or at least not opened - until virus scanners have the signatures they need to detect such malicious documents.
- Reports of a new vulnerability in Microsoft Excel, the blog entry at Microsoft's Security Response Center