Zero-Day Excel Exploit In the Wild

snydeq writes "Microsoft Excel has a zero-day vulnerability that attackers are exploiting on the Internet, according to security vendor Symantec. The problem affects Excel 2007 both without and with Service Pack 1, according to an advisory on SecurityFocus, and other versions going back to Excel 2000. The program's vulnerability can be exploited if a user opens a maliciously crafted Excel file, allowing a hacker to leave a Trojan horse on the infected system."

Re:and you thought that math "error" was a mistake

[Smidge207]

Nope; that just plays Flight Simulator. ;-)

=Smidge=

Re:Simple Answer for Microsoft...

[the_humeister]

Yes, and then break all compatibility with all current applications that are currently running on Windows.

Besides, Darwin is open source. MS could just use Darwin as the base and write a Windows compatible GUI on top of that.

Re:Simple Answer for Microsoft...

I don't really know how stable it's really considered, but I've had more application crashes on the latest kubuntu updated with kde 4.2 in a week of idle tinkering (apps from the default install, network manager, all kinds of things) than I have on vista 64 in several months of constant work.

Re:zero day?

[PitaBred]

Zero-Day does not mean the day the bug was released. It means that it is a bug that is being exploited in the wild before a patch can be released. It doesn't matter when the bug was first coded. Compare that to a theoretical bug discovered by researchers that COULD be exploited, but isn't yet.

I normally wouldn't respond to an AC seemingly obvious misconception, but the fact that he was modded up means that people with mod points apparently don't have a clue, either...

According to MS? It IS a work-around for this

"That is only a workaround if you hate the guts of everybody who works the help desk." - by fuzzyfuzzyfungus (1223518) on Tuesday February 24, @03:33PM (#26974607)

I suggest you do a bit of reading here then from the URL below...

(Simply because, based on the data about this (straight from the horses' mouth @ MS)? There is a GOOD chance your networking folks will merge this on bootup logon scripts to protect you with it, @ this point so far @ least!)

Microsoft Security Advisory (968272)

Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution

http://www.microsoft.com/technet/security/advisory/968272.mspx

----

SALIENT EXCERPT/QUOTE:

"Suggested Actions

Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section:

For Office 2003

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\Security\FileOpenBlock]

"BinaryFiles"=dword:00000001

Note In order to use 'FileOpenBlock' with Office 2003, all of the latest Office 2003 security updates must be applied.

Impact of Workaround: Users who have configured the File Block policy and have not configured a special exempt directory as discussed in Microsoft Knowledge Base Article 922848 will be unable to open Office 2003 files or earlier versions in Office 2003 or 2007 Microsoft Office System.

For 2007 Office system

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Excel\Security\FileOpenBlock]

"BinaryFiles"=dword:00000001

Note In order to use 'FileOpenBlock' with the 2007 Microsoft Office system, all of the latest security updates for the 2007 Microsoft Office system must be applied.

Impact of Workaround: Users who have configured the File Block policy and have not configured a special exempt directory as discussed in Microsoft Knowledge Base Article 922848 will be unable to open Office 2003 files or earlier versions in Office 2003 or 2007 Microsoft Office System.

How to Undo the Workaround:

For Office 2003

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\Security\FileOpenBlock]

"BinaryFiles"=dword:00000000

For 2007 Office system

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock]

"BinaryFiles"=dword:00000000"

----

Especially since currently there is apparently NO other way to @ least protect yourself from this attack...

APK

P.S.=> The "adverse impacts" of this temporary work-around fix, IF any, are listed on said page also... apk

Re:According to MS? It IS a work-around for this

[Planesdragon]

I say that, simply because, @ least in the workplace, where folks use Excel spreadsheets for daily accounting purposes (& other uses too)? It's NOT going to "go over well" @ all- Especially since I am certain those people will probably NEED to access said spreadsheets to some degree (in the timeframe it takes MS to make up a binary patch for Excel)

*ahem*

1: Excel 2007 has seperate file types for "yes macro XML", "no macro XML", and "old crappy binary" formats. .xlsx, .xlsm, and .xls, respectively. The first, .xlsx, is immune to trojan hacks the same way a .txt file in notepad is immune to them.

2: Excel 2003 has a COMPLETELY FREE UPDATE that lets it write and read .xlsx files.

3: Anyone who isn't using 2007 or 2003 can use OpenOffice, which, again, is highly resistant (immune?) to this bug. And can save to .xlsx.

Anyone using Excel probably needs it--but the few of us who use Excel and need macros, well, we should be smart enough to avoid viruses. Users who aren't can stick to .xlsx, and they'll be all set.

Re:zero day?

[Lord+Ender]

the fact that he was modded up means that people with mod points apparently don't have a clue, either...

Welcome to slashdot!