Now that the dust is settling from yesterday’s “Patch Tuesday”, Office is the main culprit this time. There is a report from US-CERT that there is a trojan that leverages a hole in Excel making the rounds.
From US-CERT:
US-CERT is aware of public reports of a trojan that may exploit a vulnerability in Microsoft Excel. This trojan is circulating through email messages that contain attached Excel files. Known file names for these attachments are OLYMPIC.XLS and SCHEDULE.XLS. These files may also contain Windows binary executables that can compromise an affected system.
From vnunet:
The four bulletins in yesterday’s Security Update addressed 12 vulnerabilities in the popular software.
Each of the bulletins fix vulnerabilities which could allow an attacker to remotely execute code on the target system. Microsoft has rated all four as ‘critical’, the highest of its four alert levels.
The bulletins address flaws in Outlook, Excel and Office web components. The update applies to Office XP, 2000, 2003 and 2007. Mac versions of Office 2004 and 2008 were also updated, each receiving fixes rated ‘important’.
XP and Vista ducked the spotlight this time.
[tags]Excel trojan, Microsoft Patches, Patch Tuesday, OLYMPIC.XLS, SCHEDULE.XLS[/tags]