Microsoft issues two security advisories: for Excel exploit, Windows Autorun

Microsoft released two security advisories today. Security Advisory 968272 addresses an Excel vulnerability being exploited in small numbers in the wild, and Security Advisory 967940 fixes a problem with Windows Autorun.

The Excel advisory informs users of a vulnerability in Microsoft Office Excel that could allow remote code execution if a user opens a malicious Excel file. Microsoft is aware only of limited and targeted attacks that attempt to use this vulnerability, Bill Sisk said on the Microsoft Security Response Center blog.

According to the Symantec Vulnerabilities and Exploits blog, Symantec researchers spotted this vulnerability in Japan yesterday and identified it as a new exploit against the legacy Excel binary (.xls) format rather than the newer XML-based .xlsx format. Excel 2007 still opens legacy binary workbooks, however, so it can be attacked as well. The Symantec blog states that when a user opens a malicious file:

"... this causes the shellcode to execute and then drops two files on the system—the malicious binary mentioned earlier and another valid Excel document. The shellcode then executes the dropped file and opens the valid Excel document to mask the fact that Excel has just crashed. This helps to decrease suspicion when the affected spreadsheet is opened."
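Because the exploit lives in the legacy binary format, and Excel chooses its parser from a file's contents rather than its name, a mail-gateway or file-share sweep that keys on the .xls extension alone can miss a renamed sample. The following PowerShell is an added example, not code from the article, Microsoft or Symantec: it classifies a file by its container signature (the OLE2 compound-document header for legacy binary Office files, the ZIP header for Office Open XML) and flags spreadsheets whose extension disagrees with their contents. The three sample files it writes are constructed stand-ins (signature plus zero padding), not real documents.

```powershell
# Added example, not code from the article, Microsoft or Symantec.
# Identify an Office file's container by its leading bytes:
#   D0 CF 11 E0 A1 B1 1A E1  -> OLE2 compound document (legacy binary .xls/.doc/.ppt)
#   50 4B 03 04              -> ZIP archive (Office Open XML .xlsx/.docx/.pptx)
function Get-OfficeContainerFormat {
    param([Parameter(Mandatory = $true)][string]$Path)

    $header = New-Object byte[] 8
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $count = $stream.Read($header, 0, $header.Length)
    } finally {
        $stream.Dispose()
    }
    if ($count -lt 4) { return 'Unknown' }

    # Hex string of the bytes actually read, e.g. "D0CF11E0A1B11AE1"
    $hex = [System.BitConverter]::ToString($header, 0, $count) -replace '-', ''

    if ($hex.StartsWith('D0CF11E0A1B11AE1')) { return 'OLE2-Binary' }
    if ($hex.StartsWith('504B0304'))         { return 'OOXML-Zip' }
    return 'Unknown'
}

# Sweep a directory for spreadsheets and report those whose content is the
# legacy binary format, whatever the extension claims.
function Find-LegacyBinaryWorkbooks {
    param([Parameter(Mandatory = $true)][string]$Directory)

    Get-ChildItem -Path $Directory -File -Recurse -Include '*.xls', '*.xlsx', '*.xlsm' |
        ForEach-Object {
            $format = Get-OfficeContainerFormat -Path $_.FullName
            [pscustomobject]@{
                File          = $_.FullName
                Extension     = $_.Extension
                Container     = $format
                LegacyBinary  = ($format -eq 'OLE2-Binary')
                ExtensionLies = ($format -eq 'OLE2-Binary' -and $_.Extension -ne '.xls')
            }
        }
}

# Constructed demo inputs: each is a signature followed by zero padding,
# not a real workbook. Written to a scratch directory under %TEMP%.
$demo = Join-Path $env:TEMP 'xls-triage-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null

$ole2Bytes = [byte[]]([byte[]](0xD0,0xCF,0x11,0xE0,0xA1,0xB1,0x1A,0xE1) + (New-Object byte[] 504))
$zipBytes  = [byte[]]([byte[]](0x50,0x4B,0x03,0x04) + (New-Object byte[] 28))

[System.IO.File]::WriteAllBytes((Join-Path $demo 'budget.xls'),  $ole2Bytes)  # honest legacy file
[System.IO.File]::WriteAllBytes((Join-Path $demo 'budget.xlsx'), $ole2Bytes)  # legacy content behind a new extension
[System.IO.File]::WriteAllBytes((Join-Path $demo 'report.xlsx'), $zipBytes)   # genuine OOXML container

Find-LegacyBinaryWorkbooks -Directory $demo | Format-Table -AutoSize
```

Running it lists all three files; only budget.xlsx comes back with ExtensionLies set to True, which is the case an extension-based filter would wave through. The signature check says nothing about whether a given binary workbook is malicious, only that it is the format this exploit targets and therefore worth closer inspection.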

An attacker who exploits the flaw gains only the rights of the logged-on user, so accounts running with fewer privileges are at less risk. Microsoft says it is currently working on a patch.

Additionally, today Microsoft issued Security Advisory 967940, which contains an update for Windows Autorun. The update fixes a problem that stopped the NoDriveTypeAutoRun registry key from functioning as expected. This isn't a security patch per se, but a setting that is silently not honored can leave systems exposed to Autorun-borne malware even though administrators believe Autorun is disabled.
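The setting the advisory's update makes reliable is a bitmask: each bit of NoDriveTypeAutoRun disables AutoRun for one drive type (bit = 1 shifted by the Win32 drive-type constant, so 0x04 is removable, 0x08 fixed, 0x10 network, 0x20 CD-ROM, 0x40 RAM disk), and 0xFF disables it for all of them. The following PowerShell is an added example, not code from the article or from Microsoft: it writes 0xFF under both the machine-wide and the per-user policy keys, then reads each back and reports which drive types would still AutoRun for any weaker value. Explorer picks the value up at the next logon, so a restart or log off is needed for it to take effect.

```powershell
# Added example, not code from the article or Microsoft's advisory.
# NoDriveTypeAutoRun is a bitmask of drive types for which AutoRun is
# disabled; 0xFF covers every drive type. Both policy locations are set
# so the machine-wide and the per-user view agree.
$AutoRunPolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# Bit per drive type, following the Win32 GetDriveType constants (bit = 1 << type).
$DriveTypeBits = [ordered]@{
    Removable = 0x04
    Fixed     = 0x08
    Network   = 0x10
    CdRom     = 0x20
    RamDisk   = 0x40
}

function Disable-AutoRunAllDrives {
    foreach ($key in $AutoRunPolicyKeys) {
        if (-not (Test-Path -Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        New-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun' -PropertyType DWord -Value 0xFF -Force | Out-Null
    }
}

# Names of the drive types whose bit is clear, i.e. where AutoRun stays on.
function Get-AutoRunEnabledDriveTypes {
    param([Parameter(Mandatory = $true)][int]$Mask)
    $DriveTypeBits.GetEnumerator() |
        Where-Object { ($Mask -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key }
}

# Read each key back; anything other than 0xFF (or a missing value) means
# at least one drive type would still AutoRun once the key is honored.
function Get-AutoRunPolicyState {
    foreach ($key in $AutoRunPolicyKeys) {
        $item  = Get-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
        $value = if ($null -ne $item) { [int]$item.NoDriveTypeAutoRun } else { $null }
        [pscustomobject]@{
            Key          = $key
            Value        = if ($null -eq $value) { 'missing' } else { '0x{0:X2}' -f $value }
            AllDisabled  = ($value -eq 0xFF)
            StillEnabled = if ($null -eq $value) { 'all' } else { (Get-AutoRunEnabledDriveTypes -Mask $value) -join ',' }
        }
    }
}

Disable-AutoRunAllDrives
Get-AutoRunPolicyState | Format-Table -AutoSize
```

Run Get-AutoRunPolicyState on its own first to see the pre-change state; a value such as 0x91 shows up with Removable, Fixed and CdRom in the StillEnabled column, which is exactly what an administrator wants to catch on a machine that was assumed to be locked down. Writing the HKLM key requires an elevated session.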


Copyright © 2009 IDG Communications, Inc.