Microsoft Office Excel
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
Microsoft Office for Mac

Category: ALERT
Severity: HIGH
Attention: Excel users (on Windows and Mac systems), System Administrators, Desktop Support Personnel.

Summary: Multiple Internet Security Resources are currently reporting the existence of a critical vulnerability in Microsoft Excel.  Microsoft has released a security advisory confirming the vulnerability and also acknowledging that active exploitation of this vulnerability is already occurring on the Internet.  The most likely mechanism of exploitation is the handling (opening, saving, etc) of maliciously-crafted Excel(.XLS) documents.  Successful exploitation could result in complete takeover of a vulnerable system.  At the time of this writing (3:50 PM 2/24/09) no patch is available from the vendor to fix this vulnerability.

Recommended Actions:  Excel users are cautioned to avoid the handling of Excel (.xls) files from unknown/untrusted sources until a patch has been made available from Microsoft.  Users and system administrators are encouraged to read the security advisory (safe link provided below) for more information on this vulnerability.

ITS Actions: N/A

Resources:

Microsoft Security Advisory:
http://www.microsoft.com/technet/security/advisory/968272.mspx