State of targeted attacks – criminals exploiting Excel vuln during two months
It’s time to look the recent state of targeted attacks. Like we already know the main attack vector in these attacks is Microsoft Office attachment. There are no many organizations that simply can filter .DOC, .XLS and .PPT files.
In mid-January Microsoft confirmed that a new, previously unknown Excel vulnerability was used in targeted attacks. On Monday this week US-CERT issued a warning about the new wave of exploitation. This extremely critical vulnerability, rated ’10.0′ by CVSS meter BTW, was known as header information code execution vulnerability.
The fix is included to today’s Excel Bulletin MS08-014. However, Microsoft says the following now:
What causes the vulnerability?
Microsoft Excel does not properly validate macro information when loading specially crafted Excel files.
In January we had a very small pieces of information related tho this vuln and Trojan exploiting it.
Information about the characteristics of these targeted attack can be read via my FAQ documents.