State of targeted attacks – criminals exploiting Excel vuln during two months

It’s time to look the recent state of targeted attacks. Like we already know the main attack vector in these attacks is Microsoft Office attachment. There are no many organizations that simply can filter .DOC, .XLS and .PPT files.
In mid-January Microsoft confirmed that a new, previously unknown Excel vulnerability was used in targeted attacks. On Monday this week US-CERT issued a warning about the new wave of exploitation. This extremely critical vulnerability, rated ’10.0′ by CVSS meter BTW, was known as header information code execution vulnerability.
The fix is included to today’s Excel Bulletin MS08-014. However, Microsoft says the following now:

What causes the vulnerability?

Microsoft Excel does not properly validate macro information when loading specially crafted Excel files.

In January we had a very small pieces of information related tho this vuln and Trojan exploiting it.

Information about the characteristics of these targeted attack can be read via my FAQ documents.

  • Dan

    This whole Patch Tuesday thing isn’t working out as well as they thought :-x

    I’d like to see cost estimates of how much money/data was lost by the victims of the targeted attacks.

  • Name Joe

    I would call the last Patch Tuesday as Office Tuesday, all vuln were in Office or Office related products.