State of targeted attacks - criminals exploiting Excel vuln during two months

[Juha-Matti Laurio <juha-matti.laurio () netti fi>]

In mid-January Microsoft confirmed that a new, previously unknown Excel vulnerability was used in targeted attacks.
Anti-virus vendors had information about these Trojans several days earlier.
And this week US-CERT issued a warning about the new wave of exploitation:
http://www.us-cert.gov/current/#trojan_exploiting_microsoft_excel_vulnerability

After more than two months there is a fix available for this extremely critical Microsoft Excel vulnerability.

According to the new information the issue is not related to the handling of header information - the flaw exist in 
macro processing.

More at
http://blogs.securiteam.com/index.php/archives/1074

Go and patch your Office installations:
http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.