Microsoft Confirms Excel Zero-Day Attack

Guglio writes "Eweek has a story about a new, undocumented Excel flaw that is being used in a targeted attack against an unnamed business. The latest zero-day attack comes just two days after Patch Tuesday (coincidence?) and less than a month after a very similar, 'super, super targeted attack' against business interests overseas. The back-to-back zero-day attacks closely resemble each other and suggest that well-organized criminals are conducting corporate espionage using critical flaws purchased from underground hackers."

news?

[bcrowell]

Why is this news? If users are willing to click on an attachment from someone they don't know, then of course they're extremely vulnerable. Of course, the problem is made worse by the fact that MS makes it so difficult not to run with administrator privileges. If this is really targeted at a particular business, then the solution seems pretty simple: that business tells all their employees not to click on attachments from people they don't know, and whips up some software to filter out this stuff before it even gets to their users. If they're big enough to be an attractive target for extortion, they're presumably big enough to have an IT staff competent to take care of those simple steps.

Another reason to have an open file format

[Bert64]

With an open file format such as OpenDocument, it would be much harder to hide malicious code and/or exploits in a document...

You could easily parse the file at your gateway, and validate the xml content against the published schema (rejecting it if it fails), although this wouldn't be foolproof (an exploit could still exist within well formed xml, but is less likely) it would cut out a significant portion of vulnerabilities.