• The latest on that Excel 0day security hole

    Posted on June 19, 2006 at 00:14 CDT by Comment in the Forums

    Let me emphasize, first and foremost, that there’s no indication that last week’s 0day Excel exploit has made it out into the real world. That said, it’s prudent to be cautious about spreadsheets that you receive from other people.

    In particular, you should:

    * Keep your antivirus software updated. Right now, it isn’t too fanatical to manually update your antivirus software signature file once during the day – and let it update itself at night.

    * Don’t open any Excel spreadsheets you receive unless you’re absolutely sure that the person who sent you the spreadsheet did so intentionally. It’s worth a call or confirming email. Remember that the bad guys now routinely “spoof” the return address of infected messages.

    * Save and scan any Excel spreadsheets before you open them, whether you get them by email, off a Web site, or via your sainted great aunt’s award-winning carrier pigeons.

    There’s no patch to Excel that plugs the security hole, and I don’t expect to see one until next month. Microsoft claims that its Windows Live OneCare antivirus program will catch infected files; Symantec also makes that claim; and most other antivirus vendors either have updated their signature files, or will do so momentarily. I strongly suggest that you consider the consequences of your actions if you’re thinking of subscribing to Live OneCare and paying Microsoft $50 to fix a program that you bought from them already,

    Juha-Matti, blogging for the SANS Internet Storm Center, has up-to-the-second news about the hole. You don’t need to take his advice for blocking the 0day hole – it’s a bit over-the-top, in my opinion, for a threat that hasn’t yet materialized. But it won’t hurt to come up to speed on the nuances of the problem.

    UPDATE: Microsoft has posted Security Advisory 921365, which sheds some light. In particular, it says that Excel 2003, Excel Viewer 2003, Excel 2002 (the version in Office XP), and Excel 2000 are alll vulnerable. That means almost all editions of Microsoft Works will be vulnerable, too.

    There’s also some exploit code floating around that may or may not take advantage of this particular hole. My recommendations stand, though: check your spreadsheets and don’t do anything dumb, like refusing to open all .XLS files.

    Office Patches/Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.