
Network World

Julie Bort

Microsoft issues two security advisories: for Excel exploit, Windows Autorun

By Microsoft Subnet on Tue, 02/24/09 - 6:06pm.

Microsoft released two security advisories today. Security Advisory 968272 addresses an Excel exploit seen in small numbers in the wild, and Security Advisory 967940 fixes an issue with Windows Autorun.

The Excel advisory informs users of a vulnerability in Microsoft Office Excel that could allow remote code execution if a user opens an evil Excel file. Microsoft is aware only of limited and targeted attacks that attempt to use this vulnerability, Bill Sisk said on the Microsoft Security Response Center blog.

According to the Symantec Vulnerabilities and Exploits blog, Symantec security researchers noticed this vulnerability in Japan yesterday and identified it as a new exploit of the old Excel binary .xls format, not the new .xlsx format. However, it can attack Excel 2007. The Symantec blog states that when a user opens a malicious file:

"... this causes the shellcode to execute and then drops two files on the system—the malicious binary mentioned earlier and another valid Excel document. The shellcode then executes the dropped file and opens the valid Excel document to mask the fact that Excel has just crashed. This helps to decrease suspicion when the affected spreadsheet is opened."

Attackers can gain only the same rights as the local user, so users logged in with fewer rights pose less of a risk. Microsoft says it is currently working to develop a patch.

Additionally, Microsoft today issued Security Advisory 967940, which contains an update for Windows Autorun. The update fixes a problem that stops the NoDriveTypeAutoRun registry key from functioning as expected. This isn't a security patch per se, but the faulty registry key can affect the safety of end users' systems.
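An added example, not from the article or from Microsoft: a small audit that decodes a NoDriveTypeAutoRun value and lists the drive types for which AutoRun is still allowed. The registry path, the bit layout (a set bit disables AutoRun for that drive type) and the rule that a machine-wide value overrides the per-user one are assumptions taken from Microsoft's Autorun documentation, and the sample values are constructed.

```python
import sys

POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"

# Assumed bit layout: a set bit disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed",
                   0x10: "network", 0x20: "cdrom", 0x40: "ramdisk",
                   0x80: "reserved"}

def effective_mask(hklm, hkcu):
    """Return the mask in force; None means neither hive sets the value."""
    # Assumption: a machine-wide (HKLM) value overrides the per-user one.
    chosen = hklm if hklm is not None else hkcu
    return None if chosen is None else chosen & 0xFF

def autorun_enabled_types(mask):
    """List the drive types whose disable bit is clear in the mask."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]

def read_value(hive_name):
    """Read the live value ('HKEY_LOCAL_MACHINE' or 'HKEY_CURRENT_USER')."""
    if sys.platform != "win32":
        return None  # nothing to read off Windows
    import winreg
    try:
        with winreg.OpenKey(getattr(winreg, hive_name), POLICY_KEY) as key:
            value, _kind = winreg.QueryValueEx(key, VALUE_NAME)
    except FileNotFoundError:
        return None  # key or value absent
    # The value may be stored as REG_BINARY rather than REG_DWORD.
    return int.from_bytes(value, "little") if isinstance(value, bytes) else value

def report(hklm, hkcu):
    """Summarise which drive types may still AutoRun under these settings."""
    mask = effective_mask(hklm, hkcu)
    if mask is None:
        return "NoDriveTypeAutoRun not set: the OS default applies"
    enabled = autorun_enabled_types(mask)
    if not enabled:
        return f"0x{mask:02X}: AutoRun disabled for all drive types"
    return f"0x{mask:02X}: AutoRun still enabled for " + ", ".join(enabled)

if __name__ == "__main__":
    # Constructed sample values first, then the live registry (Windows only).
    for sample in [(None, 0x91), (0xFF, 0x91), (None, None)]:
        print(sample, "->", report(*sample))
    print("live ->", report(read_value("HKEY_LOCAL_MACHINE"),
                            read_value("HKEY_CURRENT_USER")))
```

The script reports only what is configured. On a system without the update described above, the configured value may not be honored.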


About The Microsoft Update

Julie Bort is the editor of Microsoft Subnet and Network World's Online Community Editor. She also writes the Open Source Subnet blog and is the editor responsible for the Cisco Subnet and Open Source Subnet web sites. If you have an idea for a blog, or a news tip on Microsoft, Cisco or Open Source technologies, contact her at jbort@nww.com, 970-482-6454 or follow Julie on Twitter @Julie188.

The Microsoft Subnet blog is the official blog of the Network World's Microsoft Subnet community. Microsoft Subnet is the independent voice of Microsoft customers and is your gateway to daily Microsoft news, blogs, opinion, books, prize giveaways and more. Visit the Microsoft Subnet index page daily, and while you are there, subscribe to the Microsoft newsletter.
