Sunday, March 30

Excel exploit goes public Patach ASAP

Attack code that exploits a bug in Microsoft Excel went public last week, a security researcher said, prompting him to urge users to immediately apply a March 11 patch.

The exploit, which was posted to the site last Friday, is the first made public for any of the seven vulnerabilities that were Microsoft Corp. patched several days earlier in the security update tagged as MS08-014. That bulletin fixed multiple flaws in Excel 2000, 2002, 2003 and 2007 on Windows, and Excel 2004 and Excel 2008 on the Mac.

Apply MS08-014 immediately. "This should be considered a high priority in light of the availability of exploit code," he said. "Additionally, users should be advised to carry out extreme caution when handling Excel files received online. If possible, Excel files should be filtered at the e-mail gateway until the updates can be applied."

The MS08-014 update was the same one that Microsoft had to re-release last week after it discovered one of the Excel fixes had produced a regression error that generated incorrect results in some