Threat Center Security News Delay in Excel patch emboldens Virus authors
Delay in Excel patch emboldens Virus authors Print E-mail
Written by Rebecca Mints   
Thursday, 26 February 2009 06:58

Microsoft has revealed on Tuesday that various versions of Excel are vulnerable to an attack and that it has not come up with a veritable fix.

By Wednesday, Virus authors are already feasting on this gaping hole in Excel and easily inserted a Trojan through a maliciously constructed spreadsheet file, McAfee reported in its regular updates.

A malicious payload that has been previously identified by McAfee may infect the whole system.

No patch has been announced by Microsoft as of this posting.

Mcafee said the BackDoor-DUE trojan is one example of the malware that are spread through a range of Excel versions, including Excel Viewer and Excel 2000, 2002, 2003, 2007, 2004/2008 for Mac.

McAfee explained however that the malware threat on Excel is “very targeted and limited.”

“Opening up an infected file using vulnerable software packages creates a backdoor,” McAfee reports.

“In this respect, the Excel attack is similar to malware targeting the also unpatched Adobe PDF flaw,” it added.

Microsoft released a security advisory Tuesday about the Excel vulnerability but whether it will issue an emergency patch or wait two weeks for its scheduled Patch Tuesday update remained unclear.

In its advisory, Microsoft urged users to be cautious about opening random Excel files from untrusted or unknown sources.

 

WTW Threat Level