On the Security Response Center page, Microsoft warns that hackers may spread an Excel document containing malware via email or any file-sharing service to exploit vulnerabilities in the popular spreadsheet program and attack users’ systems.
This company, headquartered in Redmond, Washington, admits that at least one customer has encountered issues with the new vulnerability. “Hackers only succeed when someone opens the dangerous file. Therefore, everyone needs to be cautious with all attachments, whether from acquaintances or not,” a Microsoft representative warned.
According to American security firm Symantec, a Trojan named Mdropper.J and a program called Booli.A have the ability to automatically download multiple other malicious files onto an infected computer after the user clicks on the file okN.xls.
The new issue affects all versions of the spreadsheet software, including Excel 2003 and Excel 2000, and attackers can gain complete control over the entire system.
This incident comes just days after Microsoft released 12 bulletins to patch 21 vulnerabilities in its product lines, including the Office application suite. “Recently, Microsoft has rarely fixed vulnerabilities ahead of schedule. The Trojan appeared right after the June security bulletin from the software giant indicates that hackers will have a whole month to wreak havoc,” stated Scott Carpenter, an expert from the security company Secure Elements.
Microsoft also recently addressed a flaw in the Word processing application in a bulletin dated June 14. This vulnerability had been exploited by hackers weeks prior, yet Microsoft chose to patch it according to their pre-established schedule. They only reminded customers to be careful when opening Word files and to run the program in Safe Mode.
T.N.
