Microsoft Confirms Excel Zero-Day Attack 199
Guglio writes "Eweek has a story about a new, undocumented Excel flaw that is being used in a targeted attack against an unnamed business. The latest zero-day attack comes just two days after Patch Tuesday (coincidence?) and less than a month after a very similar, 'super, super targeted attack' against business interests overseas. The back-to-back zero-day attacks closely resemble each other and suggest that well-organized criminals are conducting corporate espionage using critical flaws purchased from underground hackers."
Hackers can't do it? (Score:5, Funny)
Are you implying that hackers don't have the wherewithal to pull off corporate espionage? Can they do nothing more than crack the latest version of VirtuaGirl?
okN.xls? (Score:5, Funny)
Hmm, I guess I should rename my spreadsheet containing a list of Oklahoma natives.
Zero day?!? (Score:5, Funny)
Re:unnamed business (Score:3, Funny)
Think about it. It's a company that relies upon Excel. That means it's full of PHBs who keep using Excel to do everything from track projects to design reports.
It's your employer. Yep. That's right. I checked your IP address, I see who you're working for. Your employer works exactly as I describe.
They got what they deserved... (Score:5, Funny)
You can't go running around with a business without a name! Focus groups people, focus...
Well organized criminals (Score:1, Funny)
Clean cubicles, every one of em. And well groomed, too.
When will people learn about MS orifice... oops I mean office.
Re:Hackers can't do it? (Score:5, Funny)
They can do that? Do you know where I can find these guys? I need to, uh, confirm your statement. Solely for scientific purposes, you understand.
Re:It's part of Microsoft's plan (Score:5, Funny)
Because, through various cutouts to avoid it being traced back to them, it is Microsoft selling the exploits.
I mean, come on, you ever know Microsoft to pass up such an obvious opportunity to leverage a monopoly in one field (say, Office suites) into a dominant market position in another field (say, exploits for Office suites.)
</tinfoil>
Unnamed business? (Score:5, Funny)
I think they should be more worried that they are the victim of identity theft [slashdot.org].
stupid (Score:4, Funny)
An Excel exploit? (Score:5, Funny)
Re:unnamed business (Score:5, Funny)
Re:Corporate espionage ROFL! (Score:3, Funny)
I'm sure you'll be needing them.
Re:Another reason to have an open file format (Score:4, Funny)
Re:Hackers can't do it? (Score:5, Funny)
Hey! I resent that!
Love,
Professor James Moriarty.
Re:NOT TO FEAR! (Score:3, Funny)
1. Built under their "security is top priority" and "trustworthy computing" iniatives.
2. Microsoft built security focused tools such as
3. Given the long development cycle, I'd have to imagine they recoded most of the system and not based it off of their previous code which all has major critical security issues.
4. I'd have to imagine in the effort to keep the system secure, backwards compatibility is largely sandboxed to not allow this insecure code to infect the integrity of the system.
5. With the knowledge that most home users (And small business users) ARE THE administrator, I'm sure they are taking special precautions to provide resources to enhance their knowledge of security and maintaining a secure system. With the 10+ gigabyte default install and modern day video capabilities, I'd imagine they have lots of video to get this knowledge out to people.
6. They have stated it is not only the most secure WINDOWS release ever, but the most secure OPERATING SYSTEM ever. I don't recall this being the case with previous releases. They even attended a blackhat conference (or something) to prove this! It must be true.
7. For extra precaution, they have high system requirements and excessive annoyances (such as making the simple task of deleting a desktop icon into a 6+ step procedure) to provide a barrier so just not everyone buys it the day it is released. Seems like they have structured it so most people won't get it until atleast SP1 or later which should be great to provide extra time to make it even more secure then the most secure OS ever.
Based on all of this. I am positive that Microsoft is right and you are wrong. a'Yup..
Re:NOT TO FEAR! (Score:5, Funny)
In any case to presume some kind of pattern from this last decade of operating systems is poor reasoning --the science just isn't in yet to show any long-term trends. Sure, the 7 of 10 most exploited operating systems have been released in the last decade, but that is not statitically relevant over the million year record of security issues. Certainly taking some kind of preventive action like using Safe Languages is just being alarmist as is all the liberal scaremongering that "all your base will be pwned" by the end of the century. Think of the economic impact of all those wasted cycles that could be better used doing manual memory management.
Listen, the computer was here long before Windows, and they'll still be around after Windows is gone. We're overstating our importance to say that mere programmers can destroy the whole computer. Sure, it may be uninhabitable by our software but eventually random bit-flipping will reset the computer and a new OS will take over. It's evidence of the indisputable intelligent design of computers that they can recover from anything we could possible run on them.
Re:An Excel exploit? (Score:5, Funny)
Re:unnamed business (Score:3, Funny)