In an entry on the Microsoft Security Response Centre blog, the software giant says one user had reported an attack exploiting the vulnerability in Excel, part of the Office suite.
A week after Microsoft?s monthly security update, which included a patch for a ?zero-day? bug found in Microsoft Word last month.

In a blog entry posted on Friday, Microsoft said, ?In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an e-mail attachment or otherwise provided to them by an attacker.?

It warns users to be ?very careful opening unsolicited attachments from both known and unknown sources?.

Microsoft is investigating the flaw and has identified workarounds to prevent attacks, but a later blog entry says, ?We are concerned that they might have an impact to the usability of Excel. Based on some of the customer feedback regarding the recent Word workarounds, we want to take the extra time to fully vet our guidance.?

The security response centre’s Mike Reavy said, “All of our various protection tools detect this malware and remove it.? The company was working on an advisory notice, he added.

[url=http://blogs.technet.com/msrc/archive/2006/06/17/436860.aspx]Update from Microsoft Security Response Center Blog![/url]

[url=http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx]Original Post[/url]

---

Filed under: m$ - @ June 19, 2006 11:14 pm