Site menu:

Welcome | Products & Services | Security Portal | Commentary | Employment | FAQ | Privacy |

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Handling the 0-day Excel Vulnerability

At the end of February Microsoft released information about an exploit against multiple versions of Excel (2000 through to 2007 on Windows, and 2004 and 2008 on OS X, Open XML File Converter for Mac, Excel Viewer 2003). This exploit has been found in the wild and it has been considered important enough for Microsoft to issue a security advisory for the previously undisclosed vulnerability. Like many prior serious vulnerabilities in document formats that have attracted out-of-band attention from Microsoft it has originated from an exploit being used in targeted attacks against a small number of targets.

Microsoft recommend using the Microsoft Office Isolated Conversion Environment to pre-process suspect files before opening them. Doing so mitigates against the attack, however it does mean that Office 2003 and earlier files that are processed will lose their macro functionality and that DRM/password protected files can not be converted. This is only an option if Office 2003 or 2007 are in use. Likewise, setting FileOpenBlock as per the mitigation recommended by Microsoft means that Office 2003 and 2007 users will not be able to open Office 2003 and earlier files unless they are present in a defined exempt directory. Both methods of mitigation result in Excel only opening the newer XML file formats, not the older binary Office file format.

According to the Security Research & Defense team, this is the first time that an exploit has been discovered that can run code on Office 2007. It seems that the exploit code is explicitly designed to target Office 2007 in use on Windows XP, while it most likely would result in a denial of service via application crash in the other listed versions of Office / Excel. The exploit is also targeting the now-legacy binary Office file format and hasn't been discovered in Office's new XML-based format, hence the recommended mitigation which ensures conversion to the newer format and which blocks the opening of older file formats.

1 March 2009

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.

More information:

Subscribe to our feed.

Commentary & Insight From Sûnnet Beskerming2024202320222021202020192018201720162015201420132012201120102009 - December - November - October - September - August - July - June - May - April - MarchDoes Microsoft Gain From Exposing Collaborative Cloud Effort?Around the Frayed Edge of PCI DSSOS X Coming Under Increased Researcher ScrutinyMicrosoft's March 2009 PatchesJBIG2Decode Adobe PDF Vulnerability now Completely Hands FreeMicrosoft Security Patch Release March 2009 Advance NotificationAn Interesting Result for JBIG2 PDF VulnerabilityHandling the 0-day Excel VulnerabilityPatching Cycles and the Adobe Vulnerability - February - January2008200720062005

Site Guardian

Reach Us:

Reach us at
info@beskerming.com

Reach us via IM

Jabber:
Server - jabber.org.au Account - Sunnet.Beskerming

AIM / iChat:
sunnetbeskerming

ICQ:
339742914

Google Talk:
Sunnet.Beskerming

Yahoo! Messenger:
sunnet.beskerming

MSN:
info@beskerming.com

Testimonials

"...extremely timely, accurate reporting..."

"...honesty which is refreshing..."

Copyright © 2005-2011 Sûnnet Beskerming Pty. Ltd. Design by Andreas Viklund.