Another Microsoft Office Vulnerability
Hot on the heels of the Microsoft Word patch there’s a new threat to Microsoft Office. This vulnerability is with Excel documents. According to the MS security response center blog, they’ve received one report of a system being attacked by a previously unknown vulnerability in Excel. The moral of the story is to be suspicious of any attachments, be they programs, or claim to be images, word documents, excel documents, fluffy bunnies or what…. If you weren’t expecting an attachment in email wait and find out if it’s legit through other channels.
What’s really mind boggling about this is HOW MANY vulnerabilities there are that are known about by a select few and those select few have been “trafficking” in the market of undisclosed vulnerabilities or just taking advantage of them for their own use. I remember last fall there was an ebay auction for a claimed undisclosed Excel vulnerability. The reality is that it’s likely there are MANY vulnerabilities that have been found and never reported to Microsoft or publicly announced. (Other vendors as well.)
The best defence is to be suspicious of attachments and to always be cautious.