Microsoft said Tuesday that it has seen evidence that criminals are breaking into Windows systems through a previously unknown security hole in its Excel software.
Tim Rains, the security response communications lead for Microsoft, said in an e-mailed statement that “Microsoft is aware of specific targeted attacks that attempt to use this vulnerability.”
Targeted attacks that leverage Microsoft Office security holes typically arrive in an e-mail that address the recipient by name and state some urgent reason that the recipient must open the attached file. Obviously, you should always be extremely cautious about opening e-mail attachments, even if they appear to have been sent by an entity or person you know or trust.
According to Microsoft’s security advisory, this vulnerability affects Microsoft Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for Mac. People who are using Microsoft Office Excel 2007, Microsoft Excel 2008 for Mac or have installed Microsoft Office Excel 2003 Service Pack 3 are not affected.
Patch Tuesday Preview, And a Windows WarningMSRC Blog: Security Advisory 947563MSRC Blog: October 25th Update To Security Advisory 943521A Fresh Round of Targeted E-mail AttacksMSRC Blog: Security Advisory 945713