Microsoft acknowledges Excel's error

Attacks exploiting vulnerabilities in most versions of Excel are still ongoing, Microsoft's security group announced on Tuesday.

The attacks that Microsoft Security Response Response Security (MSRC) security group says have reduced to 'purposeful, and yet spreading' are leveraging the vulnerability found in Excel 2000, Excel 2002, Excel 2003 Service Pack 2, Excel Viewer 2003 and Excel 2004 for Mac. Newer versions including Excel 2003 SP3, Excel 2007 and Excel 2008 for Mac are not affected.

' Microsoft is aware of special-purpose attacks aimed at exploiting these vulnerabilities, and we are actively investigating public reports as well as the impact on customers ', Tim Rains, belonging to MSRC said.

Picture 1 of Microsoft acknowledges Excel's error According to the "Security Advice" version that Microsoft sent on Tuesday evening, the flaw - which is still unknown - could allow an attacker to take control of the PC from the owner. The advisory suggested that the attacker had attached a malicious document in an email or on a website and persuaded the user to open it. Errors in Office file formats, especially in Excel, are not new. Errors in Word, Excel and PowerPoint have been discovered and exploited by hackers for nearly two years.

Instead of pledging to release a patch, Microsoft recommends that Office 2003 users open a suspicious Excel file through the MOICE (Microsoft Office Isolated Conversion Environment), a free tool released last year that helps convert assets. whether Office 2003 format to Office 2007 format has higher security, eliminating exploit code if available. Owners can also lock all previous Office 2003 and file formats, unless they are in a 'trusted area' using File Block, the latest protection program requires revision of the registry. of Windows or Group Policy installation.

Ironically, File Block - defaulted for the first time in Office 2007, then upgraded in Office 2003 SP3 in September - faced the opposition of a portion of users over the past week because it was so troublesome. . Microsoft is trying to placate by simplifying the unlocking of older formats, but this format has been banned.

The last time Microsoft patched an Excel version was August 2007, when it released MS07-044 to fix a similar formatting error in Excel 2000, Excel 2002, Excel 2003 and Excel 2004 for Macs.