There are reports of two new Microsoft Excel vulnerabilities, both reported by Secunia. The first, which Microsoft acknowledges, is actively being exploited and is due to a memory corruption error in the repair mode. The second vulnerability, which is not yet known to have been exploited, is the result of a boundary error in hlink.dll that, when exploited, causes a buffer overflow. (Buffer overflows have long been a favorite of malicious hackers.)

Users expose themselves to the vulnerabilities by opening an Excel document that contains an exploit. Vendors have been encouraging users not to open "untrusted" Excel files. Microsoft has workarounds for the first exploit.

As a systems administrator, my approach in this situation is to neither trust nor unduly alarm the user(s). Typically when something like this comes out, I watch via newsgroups and security warnings to see how widespread the problem is. Then, I look to see if there are workarounds until a vendor, either an antivirus company, or Microsoft, in most cases, releases some form of patch or definition that stops the vulnerability.

In this case, the solution to the first exploit involves walking around to each desk and changing the registry. Thus, I'm taking a variant of the wait-and-see approach and alarming my users.
