Warning – Excel flaw can open your computer to attackers

Microsoft announced a big security hole in Microsoft Excel 2007.
(Update: the tech specs on this alert have broadened greatly, and now include almost all versions of MS Excel.)
There is also new info on this; I’ve added it to the bottom of this post.

If users download a malicious Excel file and open it, a Trojan Horse is installed on their computers which can allow the attacker who created the Excel file to completely take over the computer in question.

Most of the few remaining clients I have that haven’t gone under yet use Excel on a daily basis and even send and receive Excel files via e-mail or over a corporate network.

If this is you, please have your network technicians promptly block delivery of all Excel files via e-mail. I mean now. If one person on your corporate network receives one and opens it, it could quickly infect every computer on the network.

This is rapidly infecting corporate networks around the world.

There is NO patch for this as of yet.

Most anti-virus software won’t catch or do anything about this yet.

Microsoft probably will release something to fix this vulnerability in Excel, but it’ll be weeks in coming, not hours.

If you’re one of the smaller businesses and can’t get your network specialist to lock this down promptly, then call me and I’ll talk you through how to do it on your own.

Also tell your network technicians the Symantec article on this subject is erroneous at the time of this writing.

Here’s a tech alert about this.

UPDATE:
The first trojan it installs is called Trojan.Mdropper.AC.

UPDATE 2:
This is not the old trojan with the same name from 2006 that affected MS Word.

03-01-2009:
Microsoft finally acknowledges its existence, but still doesn’t have a fix. Here’s their tech bulletin.

We’ve learned the exploit won’t work on machines running Windows Vista.

Microsoft has also issued a “workaround”:

1 – Turn on MOICE. MOICE converts the XLS to XLSX before opening. Again, the new XML file format is not susceptible to this vulnerability.

2 – Turn on FileBlock. This option is a little more disruptive to most environments. With FileBlock enabled, Excel will only open the new XML-based file format that is safer. It will not open the legacy binary file format. If your organization has switched over to using the new file format exclusively, this might be a great option, even just long enough for us to get a security update out to address the vulnerability.

– Jonathan Ness and Bruce Dang, MSRC Engineering

So what is MOICE? It stands for “Microsoft Office Isolated Conversion Environment.” It’s an update for MS Office. It’s hard to find, hard to use, and converts your Office files to MS Office’s “Open XML” format. What MS won’t tell you is that it often destroys the file, making it permanently unusable or only usable after an expert “fixes” all the info in it by hand.

I’ve got my own workaround going:
Open it on a Vista machine, convert the file to a simpler format, like .csv, and then send it back. This is only if you really need the file. If it’s a case of curiosity, as in “I got this Excel file in the e-mail and I don’t know what it is,” then just don’t open it; the odds are it’s infected.
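
As an added example (not from the original post or from Microsoft), here is one way a mail filter could separate the legacy binary Excel format from the Open XML format by file content rather than file name, which is the distinction the e-mail block and the FileBlock workaround above both rely on. The function names, the `Workbook` stream-name heuristic and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of the legacy binary container
WORKBOOK = "Workbook".encode("utf-16-le")        # stream name stored in an .xls directory
EXCEL_EXT = (".xls", ".xlt", ".xla", ".xlsx", ".xlsm")

def classify(data: bytes) -> str:
    """Identify the container by content; a renamed file keeps its magic bytes."""
    if data.startswith(OLE2_MAGIC):
        # Heuristic (assumption): search for the stream name, do not walk the directory.
        return "legacy-excel" if WORKBOOK in data else "legacy-ole2"
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if any(n.startswith("xl/") for n in z.namelist()):
                    return "openxml-excel"
        except zipfile.BadZipFile:
            pass
    return "other"

def scan(raw: bytes, block_all_excel: bool = False) -> list:
    """Return (filename, kind, action) for each attachment of one raw message.
    Default: hold legacy binary workbooks, pass Open XML (the FileBlock idea).
    block_all_excel=True: hold every Excel file, as the post advises."""
    results = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or ""
        kind = classify(part.get_payload(decode=True) or b"")
        excel_name = name.lower().endswith(EXCEL_EXT)
        hold = kind == "legacy-excel" or (kind == "legacy-ole2" and excel_name)
        if block_all_excel and (excel_name or kind == "openxml-excel"):
            hold = True
        results.append((name, kind, "quarantine" if hold else "deliver"))
    return results

def sample_message() -> bytes:
    """Constructed input: a fake legacy workbook renamed .csv plus a minimal .xlsx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", "<workbook/>")
    m = EmailMessage()
    m.set_content("see attached")
    for blob, fname in ((OLE2_MAGIC + b"\x00" * 64 + WORKBOOK, "report.csv"),
                        (buf.getvalue(), "budget.xlsx")):
        m.add_attachment(blob, maintype="application", subtype="octet-stream", filename=fname)
    return m.as_bytes()
```

Calling `scan(sample_message())` holds the renamed legacy workbook and delivers the `.xlsx`; passing `block_all_excel=True` holds both.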

Here’s more.

5 Comments

  1. Hi Texx,
    We have some Excel files we need to open right away, what do we do?
    Kim @ RID

    • NOTE from Texx: free consult performed via phone. Everything at this business is fine now.

  2. I noticed Symantec got the credit on this one.

  3. As of this morning, still no patch from MS and nothing from the big AV software apps.

  4. Did you hear back from TrendMicro yet?
