Microsoft warns of “security hole” in Excel
Submitted by Justin Sorkin on Wed, 02/25/2009 - 10:50

There is critical vulnerability in Microsoft Office Excel that allows hackers to execute a code remotely and steal data; that's what Microsoft said in its security warning on "security hole in Excel," issued on Tuesday.

Microsoft warned that exploiting the security flaw in Excel, hackers can launch malicious code remotely to take control of anyone's computer and they can steal confidential data from anyone's computer.

According to Microsoft, the security flaw has been found in the Excel software in Microsoft Office 2000, 2002, 2003, and 2007 and Microsoft Office 2004 and 2008 for Mac.

In a blog posting on Tuesday, the company stated that "Symantec has found malicious files in the wild in Japan that attempt to exploit the vulnerability and has updated its antivirus software to detect the malicious spreadsheet files it has dubbed Trojan. Mdropper. AC". In its advisory, Symantec stated that the there have been few infections, but the risk is low. Symantec has also listed Windows Vista and XP as affected systems.

In its blog, Symantec explained, "It turns out that this vulnerability exists in the old Excel binary .xls format and not the new .xlsx format. Opening the malicious spreadsheet triggers the vulnerability. This causes the shellcode to execute and then drops two files on the system--the malicious binary mentioned earlier and another valid Excel document. The shellcode then executes the dropped file and opens the valid Excel document to mask the fact that Excel has just crashed. This helps to decrease suspicion when the affected spreadsheet is opened."

Microsoft stated that it is working to fix the flaw in the Excel software, and meanwhile, the software maker advised the Windows users to avoid opening Office files from untrusted sources or that arrive unexpectedly.

Symantec security experts explained that when the users open an infected Excel file, a Trojan horse downloader automatically gets executed onto their computers that can be used to steal private and financial data. 

Vincent Weafer, vice president of Symantec Security Response, said, "The attack displays the valid document and looks as if it's opening, so you may not notice you now have a new downloader on your machine that steals information."
 

»

Latest News

5000 Leprosy Cases Identified in Western Pacific
Genome Sequence Helps in Determining Breeding Crocs
India-EU Tug of War Continues
The New Electric Cheque
Google to Modernize its Networking Sites
Brothers Turn Blind Because of Leber's Optic Neuropathy
Snyder Students Keen on Resolving the Risk of Disease Outbreak
Valentine's Gifts Can Be Dangerous for Your Pets
Need to Go for Regular Dental Checkup
Women Must Take Good Care of Their Heart
Internet is Lovers’ Cupid
Healthy Looking Skin Attracts Women towards Men

Internet and Web2.0

more

Economy

more

Company Results

more

Poll

Do you Feel better under President Obama's rule:

New York

more

New Zealand News

more

Latest Forum Posts

more

Search

User login

Navigation

Company News India

more

Who's new

Syndicate

Syndicate content