Microsoft provides some “tips” for users to avoid getting “stuck” in a serious Excel vulnerability but has not disclosed when an official patch will be available.
 |
| Source: CNET |
Contrary to security experts’ expectations, Microsoft has not yet released an emergency patch for the aforementioned vulnerability, which has been rated as extremely critical. However, the software giant claims it is “actively working on an update.”
While waiting, Microsoft has provided several recommendations and tips for users to minimize risk.
The first reports of the Excel vulnerability began to surface last weekend when Microsoft announced that hackers had launched an attack exploiting this flaw. The attacker could leverage the vulnerability to run unauthorized software on Windows computers; however, to do this, they first needed to trick users into visiting a malicious website or opening a dangerous attachment.
The vulnerability exists in various versions of Excel, including Excel 2000, Excel 2002, and Excel 2003.
Windows users can temporarily mitigate this vulnerability by changing registry settings or setting up a gateway for their email, blocking attached Excel files. Additionally, users can eliminate risk simply by not opening any Excel documents from unknown sources.
Microsoft is currently testing a patch for this vulnerability; however, a company spokesperson could not confirm whether the patch would be released with the July security bulletin.
Misfortunes Never Come Alone
This week has indeed been a busy one for Microsoft. The Excel vulnerability was discovered just days after the June security bulletin was released (which patched 21 flaws in Windows products).
On Monday, the company had to work hard to investigate an attack that took down Microsoft’s French website.
By yesterday, PC Mag reported the discovery of another highly critical vulnerability in Excel. This flaw could also be exploited if users are tricked into clicking on a link within an Excel document.
Currently, Microsoft has not recorded any incidents that have deeply exploited the aforementioned vulnerability, but the attack code has been published on the Milw0rm site early this morning.
The security firm Secunia stated that this vulnerability affects Microsoft Office 2000, Excel Viewer 2003, Excel 2003, Excel 2002, Excel 2000, Microsoft Office 2003 Professional Edition, Microsoft Office 2003, and Microsoft Office XP.
Destiny
