On the 24th of February, Microsoft released a security advisory for Excel (CVE-2009-0238):
http://www.microsoft.com/technet/security/advisory/968272.mspx
Quoting my previous post:
Both McAfee and Symantec reported a Trojan attacking this vulnerability. According to McAfee, current attacks are very targeted and limited. When successful, it installs a backdoor that attempts to connect a remote site port 80 and waits for commands.Today, the patches for March were announced but they did not include Excel. Although not being exploited widespread, I still would be cautious against targeted attacks.
Related posts:
- Trojans using an Excel 0-day roaming about
- Acrobat Reader exploits in the wild (updated)
- Internet Explorer 0-day impacts IE6 and IE8 as well. Indication of exploitation by SQL injections increase.
- ISPs in trouble, DDoS and Targeted Attacks
- ISACA Event: The changing threat: Targeted Attacks
Security4all Blog
Twitter
Slideshare
Facebook
Digg
Flickr
0 comments:
Post a Comment