Scott's Weblog The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking

New Excel Zero-Day Attack

This past Friday, the Microsoft Security Response Center blog posted a notification about Microsoft Security Advisory 932553, which describes the specific issue and the attacks around that issue.

More information on the issue is also available from this Secunia advisory and from US-CERT.

There are two interesting things to note (interesting to me, at least):

  • First, this is an Office vulnerability, not a Windows vulnerability. Therefore, as correctly pointed out in the security advisories, Office 2004 for the Mac is also affected.

  • Second, although the current attacks are targeted against Excel, this vulnerability extends to all Office documents. This means that other forms of attack could be forthcoming in the near future until the underlying flaw is addressed.

As with some of the other zero-day attacks I’ve discussed here, it looks like the only workaround available at this time is to not open Office documents from untrusted sources. In fact, it would probably be best not to open any unexpected and/or unsolicited Office document from any source, trusted or otherwise.

Other related links:

MS warns of Excel ‘zero-day’ attack - MacNN

New Zero-Day Threat Excels - eWeek

Metadata and Navigation

Be social and share this post!