Endpoint Protection

Last week, Microsoft published Security Advisory 932553to warn Windows users of a new vulnerability in Microsoft Office.Security Response has analysed a sample of a malicious Microsoft Excelfile that appears to be exploiting the vulnerability that is hinted atin that Advisory. Fully patched versions of Office 2000, XP, and 2003appear to be vulnerable to this exploit.

Upon opening the malicious Microsoft Excel document, which Symantec now detects as Trojan.Mdropper.Y, it drops a Trojan horse program by using the exploit referenced by CVE-2007-0671 (BID 22383).It proceeds to drop a back door Trojan onto the compromised computer.It then attempts to contact a remote server and may enable an attackerto gain remote access to your computer. Both Trojans are detected as Backdoor.Bias.

It appears to be exploiting a bug on MSO.DLL, a shared library usedby Office applications, so as Microsoft indicated in the advisory, itcould affect other Office applications. However, to date, we have onlyseen it execute on Excel.

As this vulnerability has not been patched yet, you should be extracareful and refrain from opening Office files received from untrustedsources. In general, to protect yourself against threats, you shouldexert extreme care when you receive any files unless they are expectedand come from a known and trusted source. Keep your antivirusup-to-date and follow safe computing practices.