|
ALARM Group ALERT - click for a description of ALARM, The Computing Alert System
Alert Number: 061906-01
Alert Date: 6/19/06
Alert Title: *UNPATCHED* Vulnerability in Excel
Update-to: none
OS/Platform/Application: Microsoft Excel on Windows and Mac systems
Category: ALERT
Severity: HIGH
Attention: Windows and Mac System Administrators, Desktop Support Personnel |
Summary: Multiple Internet security-related resources are reporting the existence of a vulnerability in Microsoft Excel that could allow attackers to execute arbitrary code on target systems. The most likely vector of exploit would the the opening of an .XLS file via an email attachment or specifically-crafted website. At the time of this writing (9:30 AM June 19 2006),no vendor-supplied patch has been made available to address this vulnerability. Evidence of exploits for this vulnerability circulating in the wild have been reported by numerous security agencies. Definition/Detection signature files for this exploit *have* been made available by popular anti-virus and malicious software detection vendors (e.g., Symantec, McAfee, Windows Live Safety Center).
Recommended Actions: Windows/Mac System Administrators and other Support Personnel/end users are encouraged to read the Information/Recommendations on this exploit (links provided below) and to update AV files on any systems not configured for auto-updating. Users should exercise caution in opening Excel documents of questionable purpose or origin.
ITS Actions: No additional actions are being taken to address this vulnerability at the current time. An update will be issued if this situation changes.
Resources:
Microsoft Securiteam Blog FAQ:
