Excel Flaws Being Exploited by Hackers - 23 Jun 2006

To ensure that future email messages you receive from WinInfo Daily UPDATE aren't mistakenly blocked by antispam software, be sure to add [email protected] to your list of allowed senders and contacts.


This email newsletter comes to you free and is supported by the following advertiser, which offers products and services in which you might be interested. Please take a moment to visit this advertiser's Web site and show your support for WinInfo Daily UPDATE.

World Data

==== Sponsor: World Data ====

Free Intel Server Spec Book
Order the 108- page book featuring nearly 1,000 Dell, HP Proliant, and IBM Server models. This definitive guide provides information on processor, memory and storage specifications. A must for everyone involved in the design, installation and maintenance of servers. From World Data Products, the world-class provider of server, storage, and networking solutions.To order go to

http://www.wdpi.com/camp/server_2a.htm or call 800-553-0592.

==== In the News ====

Excel Flaws Being Exploited by Hackers

by Paul Thurrott, [email protected]

Recently revealed critical security flaws in Microsoft Excel have been exploited at least three times by attackers, raising users' fears that Excel will soon be compromised by Internet-based attacks. The exploiters differ somewhat in their attack methods, although all of the attack methods require a user to open a maliciously crafted Excel spreadsheet. Successful attacks result in the attacker remotely controlling the targeted PC.

In one exploit, an Adobe Macromedia Flash-based component launches without any user interaction other than opening the spreadsheet, running code on the unsuspecting user's PC. Another attack embeds code for a Trojan horse onto the PC, and a third requires a user to click a hyperlink within the spreadsheet. However, Microsoft claims that the exploits are simply proof of concepts and that one of the attack methods actually exploits a component of Windows, not Excel.

Regardless of the technical details, Excel users should avoid opening Excel spreadsheets from sources they don't trust. Exploited Excel spreadsheets can take advantage of flaws--whether in Windows or Excel--that let attackers remotely control the compromised PC. And although one attack method requires users to make two mistakes--(i.e., opening the document and clicking a hyperlink within the document)--two of the exploits work when users do nothing more then open the document.

All of the exploits affect Excel 2003, which is the latest version of the Windows edition of the product. However, some of the exploits also affect other Excel versions, including one that works on various Mac OS X-based versions of Excel.

I presume that Microsoft will fix the flaws on or before its next monthly security patch day, which is set for July. In the meantime, the company has released some workarounds for one of the flaws (see the URL below).


==== Events and Resources ====

Get all you need to know about today's most popular security protocols, including SSL-TLS, for Web-based communications.


==== Featured White Paper ====

Test the Starter PKI Program to benefit your company with timesaving convenience and secure multiple domains and host names.


Bonus: When you download any whitepaper from Windows IT Pro before June 30, you'll be entered to win Bose Triport Headphones. See the full selection today at http://www.windowsitpro.com/whitepapers

==== Announcement ====

June Special--Save $80 off the Windows Scripting Solutions newsletter Get endless scripting techniques and expert-reviewed code. Subscribe to Windows Scripting Solutions today and save $80:


==== Contact Us ====

About the newsletter -- [email protected]
About technical questions -- http://www.windowsitpro.com/forums
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring an UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Pro, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today!


View the Windows IT Pro privacy policy at


Windows IT Pro is a division of Penton Media Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media Inc. All Rights Reserved.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.