Zero-Day Excel Exploit In the Wild 117
snydeq writes "Microsoft Excel has a zero-day vulnerability that attackers are exploiting on the Internet, according to security vendor Symantec. The problem affects Excel 2007 both without and with Service Pack 1, according to an advisory on SecurityFocus, and other versions going back to Excel 2000. The program's vulnerability can be exploited if a user opens a maliciously crafted Excel file, allowing a hacker to leave a Trojan horse on the infected system."
zero day? (Score:1, Insightful)
Does it really count as zero-day if it's been a bug for 9 years?
Re:A work-around for it... apk (Score:4, Insightful)
Re:Simple Answer for Microsoft... (Score:3, Insightful)
Yes, and then break all compatibility with all current applications that are currently running on Windows.
That's an added advantage of such an approach. Bonus!
Re:Random E-mails (Score:5, Insightful)
The real danger is in opening attachments from trusted sources. If this is used with an email worm, it will look like it is coming from your friends, coworkers, or any of your eight bosses. As a high priority, due yesterday, mission-critical action-item.
Re:According to MS? It IS a work-around for this (Score:4, Insightful)
That isn't going to go over well. At all.
Re:Random E-mails (Score:5, Insightful)
I was just thinking that - it's 2009. Who is still opening DOC or XLS attachments?
Umm... practically any company that does business with any municipal or state governmental agencies, law firms, accounting firms, etc etc. The question is who isn't opening DOC or XLS attachments from their clients, and how do they plan to stay in business?
Re:MS Vista becoming more secure? (Score:3, Insightful)
Saying you've never had a virus without ever scanning your PCs is like saying you've never had an STD without ever getting tested. In both cases, you can have infections without symptoms, and the infections can be transmitted. Yes, there are false negatives, but that's no excuse to abstain from testing.
Granted, you said "never had a problem," not "never had a virus," but what you really meant was that you've never seen a problem. Considering that most malware these days is designed to run unnoticed rather than to cause harm to the desktop, that's not really surprising. There ARE worms that affect Vista, and for all you know, your servers have rootkits on them. Or not. One thing's for sure: it's irresponsible, borderline incompetent to admin a Windows network without any AV, especially a corporate network (i.e., those that probably store private AND valuable information, as opposed to simply private information that's probably on your desktops at home).