Tuesday, February 24, 2009

Microsoft Excel Vulnerability - Trojan Mdropper.AC

Updated March 10 - Microsoft Tuesday has come and gone, and alas, no patch for this particular CVE. Last reports are that attacks are still limited and targeted. Microsoft advises folks to use MOICE (the Microsoft Office Isolated Conversion Environment) when opening files from unknown or untrusted sources, or to use the Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted senders.


Microsoft, in their never-ending quest to publicly admit vulnerabilities exist once at least fifty media outlets report them, has released Security Advisory 968272, Vulnerability in Microsoft Excel Could Allow Remote Code Execution. Fabulous.

As always, Microsoft states that they are working on the problem, and that attacks are both limited and targeted, which is small consolation if you happen to be in the cross-hairs.

Symantec has identified malicious Excel files in the wild in Japan and has released updated antivirus definitions for detection purposes, naming the variant Trojan Mdropper.AC.

Security researchers report that the vulnerability exists in the older .xls file format, and not the newer .xlsx format used by the latest version of Excel that has yet to see widespread use, much to the dismay of Microsoft's revenue stream.

Microsoft has yet to release a patch for the vulnerability, and the firm typically does not release out-of-band fixes unless attacks become more widespread. In the meantime, the same rules apply - update your AV files and don't open spreadsheet files (or any other kinds of files) from anyone, even someone you know, unless you've asked for them or are aware of their scheduled delivery to your inbox.
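Since the exposure sits in the older binary format, an intake script or mail filter can sort attachments by what they contain rather than by their extension. The following is an added example, not code from this post or from Microsoft: it separates legacy binary workbooks (an OLE2 compound file holding a `Workbook` or `Book` stream) from ZIP-based files. The function names, labels and the tiny sample file are constructed for illustration.

```python
import struct

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # compound file: .xls/.doc/.ppt
ZIP_MAGIC = b"PK\x03\x04"                        # ZIP container used by .xlsx
EXCEL_STREAMS = {"Workbook", "Book"}             # workbook stream names in .xls
MAXREG, FATSECT, END, FREE = 0xFFFFFFFA, 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF

def ole2_entry_names(data):
    """Follow the directory chain of a compound file; return entry names."""
    shift, = struct.unpack_from("<H", data, 30)
    if shift not in (9, 12):                          # 512- or 4096-byte sectors
        raise ValueError("bad sector shift")
    size = 1 << shift
    first_dir, = struct.unpack_from("<I", data, 48)
    sector = lambda n: data[(n + 1) * size:(n + 2) * size]
    fat = []
    for s in struct.unpack_from("<109I", data, 76):   # header DIFAT slots
        if s <= MAXREG:
            fat.extend(struct.unpack("<%dI" % (size // 4), sector(s)))
    names, sect, seen = [], first_dir, set()
    while sect < len(fat) and sect not in seen:       # stop on end-of-chain or loop
        seen.add(sect)
        chunk = sector(sect)
        for off in range(0, len(chunk) - 127, 128):   # 128-byte directory entries
            nlen, = struct.unpack_from("<H", chunk, off + 64)
            if 2 <= nlen <= 64:
                names.append(chunk[off:off + nlen - 2].decode("utf-16-le", "replace"))
        sect = fat[sect]
    return names

def classify(data):
    """Label a file by content, ignoring whatever extension it arrived with."""
    if data.startswith(ZIP_MAGIC):
        return "zip-container"
    if len(data) < 512 or not data.startswith(OLE2_MAGIC):
        return "other"
    try:
        names = ole2_entry_names(data)
    except (struct.error, ValueError):
        return "legacy-ole2-malformed"                # truncated or nonsensical header
    return "legacy-excel" if EXCEL_STREAMS & set(names) else "legacy-ole2"

def build_sample(stream):
    """Constructed 3-sector compound file (header, FAT, directory) for testing."""
    entry = lambda n: struct.pack("<64sH62x", n.encode("utf-16-le"), 2 * len(n) + 2)
    header = struct.pack("<8s16x5H6x9I109I", OLE2_MAGIC, 0x3E, 3, 0xFFFE, 9, 6,
                         0, 1, 1, 0, 4096, END, 0, END, 0, 0, *[FREE] * 108)
    fat = struct.pack("<128I", FATSECT, END, *[FREE] * 126)
    return header + fat + entry("Root Entry") + entry(stream) + bytes(256)
```

Anything labelled `legacy-excel` or `legacy-ole2-malformed` from a sender you weren't expecting is a candidate for quarantine or for opening through MOICE.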
