MSRC: Reports of a new vulnerability in Microsoft Excel

Posted by bink on June 16 2006, 8:03 PM. Posted in Security.

MSRC: We've received a single report from a customer being impacted by an attack using a new vulnerability in Microsoft Excel.

Here's what we know: In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an email attachment or otherwise provided to them by an attacker.  (note that opening it out of email will prompt you to be careful about opening the attachment) So remember to be very careful opening unsolicited attachments from both known and unknown sources.

We’ve activated our security response process and we have added detection to the Windows Live Safety Center today for up-to-date removal of malicious software that attempts to exploit the vulnerability.  The Windows Live Safety Center is located at the following website:  http://safety.live.com

We’re also actively sharing that information with our Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks. We’ve got the Office team engaged of course and they are hard at work investigating the vulnerability.