Protect your spreadsheets: Hackers attack Excel
Microsoft has issued a security advisory warning that attackers are targeting versions of its Office Excel with vulnerabilities.
Microsoft Office Excel 2003 with Service Pack 2; Excel Viewer 2003; Excel 2002; Excel 2000; and Microsoft Excel 2004 for the Mac are affected by the security vulnerabilities, according to the advisory.
People who open a malicious e-mail attachment or visit a malicious Web site may find that their systems are compromised and that arbitrary remote code is executed. Computers configured to allow the user to have administrative user rights are at greater risk that those with few user rights on the system.
Microsoft said it is still investigating the security vulnerabilities but noted the attacks appear to be targeted and not widespread, according to its security blog.
Office has been surrounded by security concerns recently. Late last year, Microsoft deciding to block old file formats with its Office Service Pack 3 update, in order to stymie hackers exploiting the less secure parsing code that Office 2003 uses to open and save the file types.
Unfortunately, the update affected more users than Microsoft had originally predicted, and the workaround to unblock the file formats was unwieldy, requiring changes to the registry which could have made users' PCs inoperable if they were applied incorrectly.
This followed news in November last year of a near 300 percent jump in vulnerabilities between 2006 and 2007 in Microsoft Office products, reported by vulnerability management company Qualys.
However, according to Allan Paller, Director of Research at the Sans Institute, the increase should not be laid at Microsoft's door: "It isn't that Microsoft isn't doing a better job," Paller said at the time. "The reason [is that] it is so lucrative to find vulnerabilities in Excel and Word, so there are a lot of [hackers] searching for them."Suzanne Tindal of ZDNet Australia contributed to this story
Via CNET News.com