Hackers go after Excel
Poisoned spreadsheet peril
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Microsoft has warned that an unpatched vulnerability in older versions of Excel is being actively exploited by hackers.
The bug, which has become the subject of targeted attacks, affects older versions of Excel. Newer versions Excel 2003 SP3 and Excel 2007 are said to be immune. Details of the vulnerability beyond what packages might be affected remain sketchy at best.
Microsoft techies are investigating the flaw, which may become the topic of a future patch. In the meantime, Redmond is trying to play down concern by pointing out mitigating factors and suggesting defence. Its suggestion, however, that few hackers know about the bug rather misses the point that this hardly reduces the risk posed by targeted attacks against unpatched flaws.
"At this time, we are aware only of targeted attacks that attempt to use this vulnerability. Additionally, as the issue has not been publicly disclosed broadly, we believe the risk at this time to be limited," Microsoft's advisory explains.
Pending the availability of a fix, security clearing house US-CERT advises users of older versions of Excel to avoid opening unfamiliar or unexpected email attachments. Sys admins should review Microsoft's suggested workarounds, it adds. ®
COMMENTS
Excel was always a target
It's laughably easy to write a 'virus' in Excel. Writing a vb macro and calling it 'autoexec' will do the trick - open the file and the code executes. People should always have macros disabled by default.
I'm still using Office97, works fine and whatever function was missing that I needed, I've already written and added it to it. We use for instance a complex calculation for adding a check-digit to our codenumbers, so an add-in with the function does the trick.
Microsoft has a habbit of always breaking previous functionality and/or file formats - good example is Access. I have never had a valid reason to upgrade from 97 to a newer version. Anyone can think of one?
The one thing that really ticks me off is people always using excel for other stuff than spreadsheets. You wouldn't believe what it's used for! Designing standard letters for printing, using it for storing translations, using it for configuration files for websites. To top it all, I once saw a stupid bint at the office use a pocket calculator to fill in the values in an excel-sheet... give me a break. Some people shouldn't use a computer really. And then we're surprised they open any file they receive by mail?
So, wait for it.........
P0rn.xls,
Britney_spears_nude.xls
and
Paris_Hilton.xls
H'mmm
re: What a bunch of hypocrites you all are.
Rubbish.
I don't like Microsoft for any number of reasons and though I use Linux for my workstations and servers at work and home I still have to support the poor sods (customers and staff) who are still using Windows due to necessity (application lock-in), ignorance or orders from 'higher-up'.
For these reasons I reserve the right to bitch about Microsoft as much as I like and I suspect many of the previous posters are in the same boat.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
