Add a security error that threatens MS Excel

Users of Microsoft Excel have to face the risk of being hacked when there is a completely new security error discovered in this application. Not only that, malicious code that can exploit this security hole has been widely distributed on the Internet.

Meanwhile, Microsoft is trying to overcome another security error that has just been discovered and announced last week. The code that exploits this security error has also appeared.

Warning by Symantec security firm released on June 19, said a new security error in MS Excel could cause the application to be paralyzed if the user opened a malicious file. Symantec also said that the risk of this security error being used to hijack a user's system is a possible possibility. " An attacker can execute binary code . but this has not been confirmed with certainty ."

The latest security error stems from Excel being unable to correctly check the user input source before copying these contents into the cache. Excel 2003, Excel XP and some other versions are vulnerable to this security error, Symantec said.

Security firm Secunia classified this security error as "extremely dangerous" - only one level below the highest level of its security ladder.

Meanwhile, code snippets capable of exploiting security flaws have been widely distributed on the Internet. However, Secunia confirmed that the company has yet to detect any attacks by exploiting this security vulnerability.

Microsoft is currently considering this issue, the company's representative yesterday confirmed so. " Based on the research, we confirm this is a new security vulnerability in Microsoft Windows. This error can be exploited if the user clicks on a link in Office documents ," the big man said. said. " However, Microsoft has not detected any attacks by exploiting this security error ."

Thus, the latest security error in Excel has been discovered while Microsoft is trying to overcome another security hole. This new security bug discovered last week may be exploited by an attacker to gain full control over the system that has failed. More seriously, this security error has been used in a targeted network attack.

To exploit two new security errors, the attacker must program a malicious Excel file and store this website on a web server, send it via email or in some way provide the victims they intend to attack. The attack can only succeed if the attacker's victim opens the malicious file on the faulty system.

Both of these security flaws were discovered and published the day after Microsoft released a monthly security update. Microsoft said it is developing patches for security bugs in Excel.

However, experts believe that Microsoft can only release patches for these security bugs along with security updates next month. It is rare for Microsoft to release patches beyond this time.

On June 19, Microsoft also announced a number of tricks for users to protect themselves against attacks that exploit the first security bug. Microsoft recommends that users should be careful when opening Excel files and blocking files attached to email messages or changing PC settings so that Excel cannot open the attached spreadsheet files. email.

For Excel 2003, Microsoft recommends that users should not let the application run "repair mode" because this security error is exploited through this mode.

Hoang Dung