Microsoft has issued a security advisory about an Excel vulnerability that affects both Mac and Windows versions of the popular spreadsheet program. The vulnerability “could allow remote code execution if a user opens a specially crafted Excel file.” Microsoft is “aware only of limited and targeted attacks that attempt to use this vulnerability,” but that means that attacks are occurring in the wild. Microsoft notes, “An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.”
This vulnerability affects both Excel 2004 and 2008, as well as a number of Windows versions of the program. For now, the safest action to take is to not open Excel documents from unknown sources. Stay tuned for more information when Microsoft issues a security update to fix this problem.
