If you run Microsoft Excel, you need to pay attention to this. Oh, you Mac users over there need to stop snickering becasue it affects you too. Microsoft has warned users that a critical vulnerability has been found in Excel:
Security experts say that the flaw, occurring in Microsoft Office Excel 2007 and earlier, exists in the old Excel binary .xls format. The attack is triggered when the user opens the malicious spreadsheet, causing two files to be dropped on the system — the malicious binary as well as another valid Excel document. The shell code then executes the dropped files and opens the valid Excel document to mask the fact that Excel has just crashed or become infected with the malware.
Upon opening an infected Excel file, users unknowingly execute a Trojan horse downloader onto their computers that can be used to stealthily record keystrokes and steal private and financial data.
Products affected by this include:
- Office 2000
- Office 2002
- Office 2003
- Office 2007
- Office 2004 for Mac
- Office 2008 for Mac
- Open XML File Format Converter for Mac
So far, no patch exists. But you can bet that programmers at Microsoft are working hard on one if only to stop the chairs from being thrown at them by Steve Ballmer so that users are safe once again.