Microsoft Excel exploited by Trojan
Security expert warns that users in Middle East are at ‘definite’ risk of being infected
Microsoft has just confirmed that a potentially damaging security vulnerability exists in its popular Excel spreadsheet software.
Security software vendor Symantec alerted Microsoft to the problem after several users in Japan reported being infected by the Trojan ‘Mdropper’, which could allow remote code execution.
Speaking exclusively to itp.net, Symantec security expert Bulent Teksoz believes users in the Middle East “definitely would be at risk” as the Trojan exploits a vulnerability seen in Excel 2007, 2003 and other versions down to 2000. It affects files using the .xls format and has not yet been noticed in the new .xlsx format.
While motivation behind the Trojan is not yet known, Microsoft admits that attackers could exploit this vulnerability to “gain the same user rights as the local user” in its latest security advisory bulletin. The company will release a security update once it completes investigating the vulnerability.
Till then, Microsoft Office users are advised to be wary of opening Excel files in email attachments and to make sure security definitions are kept up-to-date.