Microsoft Posts Excel 'Zero-Day' Flaw Workarounds

By Ryan Naraine  |  Posted 06-19-2006

Microsoft's security response center is recommending that businesses consider blocking Excel spreadsheet attachments at the network perimeter to help thwart targeted attacks that exploit an unpatched software vulnerability.

The Redmond, Wash., software giant published a pre-patch advisory on June 19 with a list of workarounds that include blocking Excel file-types at the e-mail gateway.

File extensions associated with the widely deployed Microsoft Excel program are: xls, xlt, xla, xlm, xlc, xlw, uxdc, csv, iqy, dqy, rqy, oqy, xll, xlb, slk, dif, xlk, xld, xlshtml, xlthtml and xlv.

The company's guidance comes just a few days after public confirmation that a new, undocumented Excel flaw was being used in an attack against an unidentified business target.

The attack resembles a similar exploit that targeted Microsoft Word users, prompting suspicion among security researchers that the attacks may be linked.

The Excel attack includes the use of Trojan horse program called Trojan.Mdropper.J that arrives as an Excel spreadsheet with the file name "okN.xls."

When the Trojan is executed, it exploits the Excel flaw to drop and execute a second piece of malware called Downloader.Booli.A. It then silently closes Microsoft Excel.

Downloader.Booli.A attempts to run Internet Explorer and inject its code into the browser to bypass firewalls. It then connects to a remote Web site hosted in Hong Kong to download another unknown file.

In the latest advisory, Microsoft confirmed that the vulnerability exists in Excel 2003, Excel Viewer 2003, Excel 2002, Excel 2000, Microsoft Excel 2004 for Mac, and Microsoft Excel v. X for Mac.

Read the full story on eWEEK.com: Microsoft Posts Excel 'Zero-Day' Flaw Workarounds