Friday, February 02, 2007

Microsoft Security Advisory (932553)

Microsoft is investigating new public reports of very limited Microsoft Excel "zero-day" attacks using a vulnerability in Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2004 for Mac, and Microsoft Office 2004 v. X for Mac.

In order for this attack to be carried out, a user must first open a malicious Office file attached to an e-mail or otherwise provided to them by an attacker. While we are currently only aware of Excel as the current attack vector, all office documents are potential vectors.

As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.

References:

No comments: