Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Office Zero-Day Under Attack

Posted by Zonk on from the you-know-they've-released-new-software-when dept.

paulBarbs writes "Microsoft is warning users to be on the lookout for suspicious Excel files that arrive unexpectedly — even if they come from a co-worker's e-mail address. In an advisory, Microsoft confirmed a new wave of limited "zero-day" attacks was underway, using a code execution flaw in its Microsoft Office desktop productivity suite. Although .xls files are currently being used to launch the spear phishing attacks, Microsoft said users of other Office applications (Word, PowerPoint, Outlook, Access, etc.) are potentially at risk."

2 of 172 comments (clear)

  1. Does not affect Office 2007 by ThinkFr33ly · · Score: 4, Insightful

    The fact that this does not affect Office 2007 suggests that Microsoft is learning from their mistakes.

    This is further supported by other software they have released that went throught their "secure development lifecycle" initiative, including IIS 6.0, IIS 7.0, Windows Vista, Windows Server 2003, etc.

    Of course, IIS 7 and Vista have only been out there for a few months now... so, obviously, the jury is still out on them.

  2. Re:Do we know this for sure? by DelawareBoy · · Score: 4, Insightful

    If you follow that logic, anything not open source is open to that vulnerability, Microsoft or not...

    However, if you actually try the code which does impact Office 2003 and earlier additions, it does NOT work. Makes me glad I got my free copy of Office 2007.