Wed, Oct 14, 2009
Patches available for Vista SMB2 Remote Command Execution Vulnerability
The security vulnerability in Windows Vista, Server 2008, and Windows
7 RC reported
previously has been patched. The vulnerability was caused by a
bug in SMB v2.0 (the part of Windows that implements enhanced network
shares), allowing an attacker to create a specially crafted network
packet to run arbitrary commands on an affected Windows machine. For more
information, see
http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx
Patch for A New Adobe Acrobat Vulnerability
Adobe has released patches to all shipping versions of Acrobat and
Acrobat reader, for all platforms (Windows, Mac, UNIX) that fix
a newly identified vulnerability that would allow an attacker to
create a malicious PDF file that, when viewed with Acrobat, could run
arbitrary commands as the user viewing the file. Adobe claims that
versions 9.2, 8.1.7 and 7.1.4 of Acrobat and Acrobat reader contain
the fix. Users of previous versions of Acrobat on all platforms are
urged to upgrade to one of these versions. For more information, see
http://www.adobe.com/support/security/bulletins/apsb09-15.html.
Vista SMB2 Vulnerability Allows Remote Command Execution
A security vulnerability in Windows Vista, Server 2008, and Windows
7 RC has been discovered. A bug in SMB v2.0 (the part of Windows
that implements enhanced network shares) allows an attacker to create a
specially crafted network packet to run arbitrary commands on an affected
Windows machine. An
exploit of this bug has already been made public. Windows 2000, XP, and
the RTM (final) version of Windows 7 are not affected by this bug, but the
RC (beta/testing) version of Windows 7 is apparently affected. Microsoft
has not yet released a fix, but has published some workarounds at
http://www.microsoft.com/technet/security/advisory/975497.mspx.
Patches for Critical Vulnerability in Adobe Flash Player, Acrobat Reader
Adobe has released patches for the critical vulnerability in Adobe
Flash Player versions 9 and 10, and in Adobe Acrobat and Acrobat Reader mentioned
previously. This vulnerability allows a malicious person to create
flash media that will run commands of their choosing on your computer
when viewed. This vulnerability can be exploited in Adobe Acrobat reader
via a PDF file that contains embedded malicious flash media. There are
reports that malicious PDF files that exploit this vulnerability are actively
propagating. Adobe urges users of Flash Player 10 to upgrade
to version 10.0.32.18 or later, users of Flash Player 9 to
upgrade to 9.0.246.0 or later, and users of Adobe Reader
to upgrade to 9.1.3 or later. For more information, see
http://www.adobe.com/support/security/bulletins/apsb09-10.html.
Critical Exploited Vulnerability in Adobe Flash Player, Acrobat Reader
Adobe has reported that a critical vulnerability exists in current
versions of Adobe Flash Player versions 9 and 10 that allows a malicious
person to create flash media that will run commands of their choosing
on your computer when viewed. This vulnerability can be exploited in Adobe
Acrobat reader via a PDF file that contains embedded malicious flash media.
There are reports that malicious PDF files that exploit this
vulnerability are actively propagating. Adobe promises fixes on
July 30th and 31st. In the meantime, as a partial workaround, Adobe has
supplied instructions that temporarily disable the ability of Acrobat Reader
to display flash media embedded in a PDF file. For more information, see
http://www.adobe.com/support/security/advisories/apsa09-03.html.
Another Exploited ActiveX Vulnerability in Windows web browsers; workaround available
Another security vulnerability in Microsoft ActiveX for Internet Explorer
has been reported by Microsoft, and is being actively exploited. The
flaw is in a Microsoft Office Web Component ActiveX control, and
allows an attacker to create a malicious web page
which, when browsed by a Windows-based web browser, will run
commands of the attacker's choosing on the browsing machine.
While a fix is not yet available, Microsoft has published a
workaround that (temporarily) disables the vulnerable ActiveX
control(s). This workaround is available from Microsoft at http://support.microsoft.com/default.aspx/kb/973472.
For more information, see
http://www.microsoft.com/technet/security/advisory/973472.mspx.
Important Windows Patches Expected for Exploited DirectX, Quicktime Flaws
Microsoft has announced that it plans to release six security
bulletins on Tuesday, July 14th, along with patches that will fix the DirectX
DirectShow Quicktime flaw and the Video
ActiveX Control flaw, both mentioned previously. Both
are being actively exploited via compromised web sites.
Other flaws discovered by Microsoft, not yet being actively
exploited, will also be fixed. For more information, see http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx.
Exploited ActiveX Vulnerability in Windows web browsers; workaround available
A security vulnerability in the Microsoft Video ActiveX control
has been discovered and is being actively exploited. This vulnerability
allows an attacker to create a malicious web page which, when browsed by
a Windows-based web browser, will run commands of the attacker's choosing
on the browsing machine. While a fix is not yet available, Microsoft
has published a workaround that (temporarily) disables the vulnerable
ActiveX control(s). This workaround is available from Microsoft at http://support.microsoft.com/kb/972890.
For more information, see http://www.kb.cert.org/vuls/id/180513
and
http://www.microsoft.com/technet/security/advisory/972890.mspx.
Significant vulnerability in Adobe Shockwave; update available.
Adobe has reported a significant vulnerability in Adobe Shockwave Player
version 11.5.0.596 and earlier. The vulnerability allows an attacker to
create a malicious shockwave file which, when viewed in an affected version
of Shockwave Player, runs arbitrary commands of the attacker's choice on
the machine running the player. Because Shockwave Player is available as a
plug-in for web browsers, any web browser using a vulnerable version of the
player can be exploited by an attacker by making a malicious shockwave file
available on a web site, and luring the user of the web browser to that site.
The flaw is fixed in Shockwave Player version 11.5.0.600 and later; please update any installations of Shockwave Player accordingly by going to the website http://get.adobe.com/shockwave/. For more information, see http://www.adobe.com/support/security/bulletins/apsb09-08.html.
Thu, Jun 18, 2009
Patch for A New Adobe Acrobat Vulnerability
Adobe has released patches to all shipping versions of Acrobat and
Acrobat reader that fix a newly identified vulnerability that would allow
an attacker to create a malicious PDF file that, when viewed with Acrobat,
could run arbitrary commands as the user viewing the file. Adobe claims
that versions 9.1.2, 8.1.6 and 7.1.3 of Acrobat and Acrobat reader contain
the fix. Users of previous versions of Acrobat on all platforms are
urged to upgrade to one of these versions. For more information, see
http://www.adobe.com/support/security/bulletins/apsb09-07.html.
Critical Unpatched Mac OSX Java Vulnerability Now Fixed
The serious flaw in the Java virtual machine
mentioned earlier is now fixed for Mac OS X 10.4.11 and 10.5.7.
The flaw allows a Java applet to run
arbitrary commands as the user of the web browser viewing the applet.
This means a malicious web site could do harmful things to any unpatched
Macintosh that connects to it with a web browser capable of running Java
applets.
Patches are presently available via Apple Software Update, or as Java for Mac OS X 10.5 Update 4 or Java for Mac OS X 10.4, Release 9 from Apple's support site at http://support.apple.com/downloads/.
Please note that Java and Java applets are different and distinct from Javascript. This particular flaw does not affect Javascript.
Wed, Jun 10, 2009
Multiple Security Flaws in Microsoft Office Applications: Patches Available
A set of flaws in all current versions of Microsoft Office for Windows
and the Macintosh allows an attacker to provide a maliciously crafted
MS Word or Excel file (for example, as an email attachment or on a
web page) which, when opened, runs arbitrary commands as the user
who opened the file. Patches are available from Microsoft via Automatic
Update/Windows Update, and for download from Microsoft's web site.
For more information, see Microsoft's security bulletin at
http://www.microsoft.com/technet/security/bulletin/ms09-jun.mspx.
Unpatched Web-Exploitable Flaw in DirectX on Windows XP, 2003 and 2000
An unpatched security vulnerability in DirectX on Windows XP, 2003 and 2000
has been announced. It allows an attacker to create and distribute (e.g. via
a web site) a malicious QuickTime media file. This malicious file, when
viewed (e.g. via a web browser), will run the attacker's commands
on the viewing machine. Microsoft is aware of limited active attacks
that exploit this vulnerability. While no patches have yet been
released, Microsoft has outlined some workarounds that will block
some of the ways that this vulnerability is presently being exploited.
For more information, and for workaround instructions, please see
http://www.microsoft.com/technet/security/advisory/971778.mspx
Critical Unpatched Mac OSX Java Vulnerability
There is a serious flaw in the Java virtual machine shipped with
all current versions of Apple Mac OSX. It allows a Java applet to run
arbitrary commands as the user of the web browser viewing the applet.
This means a malicious web site could do harmful things to any Macintosh
that connects to it with a web browser capable of running Java applets.
No patches are presently available. Until patches become available, Mac users should disable Java applets in their web browsers, and Safari users on Mac should disable "Open safe files after downloading". For more information, see http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html.
Fri, May 15, 2009
Clarification for Powerpoint for Mac: Security Flaw Not Fixed
Clarification: on the Mac platform, no fix is
yet available for the Powerpoint vulnerability reported
a bit over a month ago. This vulnerability allows an attacker to
create a specially crafted Powerpoint document that can automatically run
commands specified by the attacker when the document is opened or viewed.
The affected versions are Powerpoint 2000, 2002, 2003, and 2004 for
Windows and the Mac. Patches (Microsoft Office PowerPoint Service Pack
3) are available for the Windows platform only. These are available via
Windows Update or by download from Microsoft. For more information, see
http://www.microsoft.com/technet/security/bulletin/ms09-may.mspx.
Patch for Adobe Acrobat Javascript-related Vulnerability
Adobe has released patches to all shipping versions of Acrobat and
Acrobat reader to fix a previously
reported Javascript-related vulnerability. Adobe claims
that versions 9.1.1, 8.1.5 and 7.1.2 of Acrobat and Acrobat reader
contain the fix. Users of Acrobat on all platforms are urged
to upgrade to one of these versions. For more information, see
http://www.adobe.com/support/security/bulletins/apsb09-06.html.
Security Vulnerability in Powerpoint now fixed
Microsoft has released a fix to the Powerpoint vulnerability
reported a bit over a month ago. This vulnerability allows
an attacker to create a specially crafted Powerpoint document that
can automatically run commands specified by the attacker when the
document is opened or viewed. The affected versions are Powerpoint
2000, 2002, 2003, and 2004 for Windows and the Mac. Patches (Microsoft
Office PowerPoint Service Pack 3) are available through Windows
Update, or for download from Microsoft. For more information, see
http://www.microsoft.com/technet/security/bulletin/ms09-may.mspx.
Unpatched Javascript-related Vulnerability in Adobe Acrobat Reader
Adobe has announced a vulnerability in all shipping versions of Adobe
Acrobat and Adobe Acrobat Reader, for all platforms (Windows, Macintosh
and UNIX). It allows a specially crafted PDF document to run arbitrary
commands when viewed with a vulnerable version of Reader. No patches
are yet available for the problem. However, the vulnerability requires
Javascript, and can be protected against by turning off Javascript within
Acrobat Reader. This can be done in Acrobat Reader via Edit>Preferences,
selecting Javascript, and unchecking "Enable Acrobat Javascript" as instructed
by Adobe. Adobe promises to provide more
information as it becomes available, via their security
advisory site and their product
security incident response team blog.
Alternatives to Adobe Acrobat Reader
Adobe Acrobat Reader is not the only software available to view
PDFs. When a flaw is reported in Acrobat Reader, it may be possible
to protect oneself against it by using another software package to
view PDFs. Alternatives to Acrobat Reader for Windows systems
include Foxit, Cabaret Stage, Xpdf, PDF-XChange Viewer, and GSview.
A list of PDF software is maintained at Wikipedia.
Defending against SSH password guessing attacks
If you run an SSH server on your computer so that you can
log into it from outside, please make sure that all your
accounts, particularly system ones like "root", have strong,
hard-to-guess passwords, not short passwords
or passwords based on dictionary words or names. Increasingly, many
compromised machines on the internet are being used to try to connect
to any SSH service they can find, using guessed logins and passwords.
If you have SSH running on your machine, make sure all your passwords are
hard to guess.
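The alert above recommends strong passwords as the defence against SSH guessing campaigns. As an added example that is not part of the original alerts, the following Python script shows the monitoring side of that defence: it parses OpenSSH "Failed password" lines from a constructed sample of an auth.log, counts failures per source address together with the number of distinct usernames each source tried, and flags sources whose pattern looks like password guessing. The sample log lines (using reserved documentation addresses), the thresholds and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of OpenSSH auth.log lines; not taken from the original page.
# 203.0.113.5 and 198.51.100.7 are reserved documentation addresses.
SAMPLE_AUTH_LOG = """\
Mar 30 02:11:04 host sshd[1234]: Failed password for root from 203.0.113.5 port 51022 ssh2
Mar 30 02:11:06 host sshd[1235]: Failed password for invalid user admin from 203.0.113.5 port 51024 ssh2
Mar 30 02:11:09 host sshd[1236]: Failed password for invalid user oracle from 203.0.113.5 port 51030 ssh2
Mar 30 02:11:12 host sshd[1237]: Failed password for root from 203.0.113.5 port 51031 ssh2
Mar 30 02:11:15 host sshd[1238]: Failed password for invalid user test from 203.0.113.5 port 51040 ssh2
Mar 30 02:11:18 host sshd[1239]: Failed password for root from 203.0.113.5 port 51042 ssh2
Mar 30 02:15:10 host sshd[1300]: Accepted publickey for alice from 198.51.100.7 port 40110 ssh2
Mar 30 02:16:00 host sshd[1310]: Failed password for alice from 198.51.100.7 port 40111 ssh2
Mar 30 02:16:05 host sshd[1311]: Accepted password for alice from 198.51.100.7 port 40112 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." as written by OpenSSH.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_failed_logins(log_text):
    """Yield (username, source_ip) for every failed password attempt in the log."""
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            yield match.group("user"), match.group("ip")


def summarize_by_source(log_text):
    """Return {source_ip: {"attempts": count, "users": set of usernames tried}}."""
    summary = defaultdict(lambda: {"attempts": 0, "users": set()})
    for user, ip in parse_failed_logins(log_text):
        summary[ip]["attempts"] += 1
        summary[ip]["users"].add(user)
    return dict(summary)


def find_guessing_sources(log_text, max_failures=5, max_distinct_users=3):
    """Source addresses whose failures look like a guessing campaign.

    A source is flagged when it either exceeds max_failures failed attempts
    or has tried at least max_distinct_users different account names; a
    legitimate user mistyping a password does neither. Thresholds are
    illustrative assumptions, not values from the original alert.
    """
    flagged = []
    for ip, info in summarize_by_source(log_text).items():
        if info["attempts"] >= max_failures or len(info["users"]) >= max_distinct_users:
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    for ip, info in summarize_by_source(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {info['attempts']} failed attempts, users tried: {sorted(info['users'])}")
    print("likely guessing sources:", find_guessing_sources(SAMPLE_AUTH_LOG))
```

On a real server the same functions can be run over the contents of /var/log/auth.log (or the journal's sshd output); the flagged addresses are what an administrator would block at the firewall or feed to a tool such as fail2ban. Sources that try many different account names, including "root", are the clearest sign of the scanning behaviour the alert describes.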
Security Vulnerability in Powerpoint
A security vulnerability in some versions of Microsoft Powerpoint allows
an attacker to create a specially crafted Powerpoint document that can
automatically run commands specified by the attacker when the document
is opened or viewed. The affected versions are Powerpoint 2000,
2002, 2003, and 2004 for Windows and the Mac. Powerpoint Viewer and
Powerpoint 2007 and 2008 are not affected. For more information, see
http://www.microsoft.com/technet/security/advisory/968272.mspx.
The similar vulnerability in Excel 2000 through 2004 mentioned earlier is not yet fixed. It is advisable not to open or save Excel or Powerpoint documents received from untrusted sources, or received unexpectedly from trusted sources.
Mon, Mar 30, 2009
Check Your Windows PC for Conficker
At the moment, there is a piece of malicious software (a "worm") called
"Conficker" (also sometimes called "Downadap" or "Downadup") running
on millions of Windows PCs on the internet. It is configured to accept
and execute instructions from its authors later this week (April 1st).
We don't know who the authors are, and what they intend to do on April 1st,
but it would be well advised to check before that date whether or not your
PC is infected by Conficker, and if so, to remove it.
If you use a Windows PC, please take a moment to check to see if your PC has this software running on it, by attempting to browse the website www.mcafee.com. This is the website of McAfee Inc, a prominent manufacturer of anti-virus software. Conficker prevents the PC it is running on from browsing this site (and certain others). If you cannot browse www.mcafee.com but you can browse other sites, you may have Conficker running on your PC. Please follow the Conficker removal instructions at http://support.microsoft.com/kb/962007.
For more information, see http://www.us-cert.gov/cas/techalerts/TA09-088A.html.
Thu, Mar 26, 2009
Fix for Acrobat Vulnerability Now Available
The Adobe vulnerability mentioned
previously is fixed in Adobe (Reader) 9.1 and later. For those
relying on older versions, users of Adobe 7.x and 8.x can upgrade
to 7.1.1 or 8.1.4, respectively. For more information, see
http://www.adobe.com/support/security/bulletins/apsb09-04.html.
Unfortunately the Microsoft Excel flaw also mentioned previously is still not yet fixed.
Thu, Feb 26, 2009
Vulnerabilities in Acrobat, Excel
Two security vulnerabilities in widely used packages have been discovered,
one in some versions of Microsoft Excel, and another in Adobe Acrobat
(including Acrobat Reader). An attacker could create a specially crafted
Excel or PDF document, propagate it by email or by the web, which, when
opened on a particular computer, would automatically run commands specified
by the attacker. Both these vulnerabilities are currently being exploited.
The Microsoft Office Excel flaw is found in Excel 2000, 2002, 2003, and 2004, including Excel Viewer, on both the Mac and Windows versions. It is not present in Excel 2007 or 2008. It is fixed in Office 2003 service pack 3. For more information, see http://www.microsoft.com/technet/security/advisory/968272.mspx.
The Adobe Acrobat flaw is found in all versions of Acrobat and Acrobat Reader, on all platforms (Windows, Mac, Linux, BSD, etc.) Adobe has not issued any patches for this yet. For more information, see http://www.adobe.com/support/security/advisories/apsa09-01.html.
When a security vulnerability in a software program like Excel or Acrobat is discovered, it is being exploited, and no patch is available, it is important to use extra caution when receiving documents of the affected type (Excel, PDF), particularly when browsing the web or reading email. Alternatives to Excel such as OpenOffice or Gnumeric, and/or alternatives to Acrobat such as Foxit, Cabaret Stage, Xpdf, or GSview/Ghostscript may be worth considering.
Mon, Jan 26, 2009
Conficker
A new computer virus/worm called "Conficker" or "Downadup"
(and variants) is spreading quite widely; the media are calling it the biggest
worm attack in years, and it has allegedly infected nearly
nine million PCs in a couple of weeks. Conficker
gives full control of your computer to criminals.
Like most worms, Conficker exploits over the network a
recent vulnerability in Windows, for which a patch exists, and can
be defended against by keeping your machine up to date. However,
Conficker also exploits a feature of Windows called "Autorun"/"Autoplay"
to spread itself via removable media (e.g. USB flash drives) or network
shares. Autorun/Autoplay can cause programs to be run automatically
from removable media (USB keys, memory cards, CD-ROMs etc.) when they
are first connected to a computer, or when a user clicks the drive
icon for a removable device. In Windows Vista, or Windows 7 beta, when
removable media is attached, an AutoPlay menu of options will pop up,
one of which will be to run the virus. Unfortunately, the virus lies
about what will happen if you select the option that runs it, claiming
it is "Published by Microsoft Windows" and will merely "Open folder to view
files". As a result, it is difficult to tell which choice on the
AutoPlay menu harmlessly views the files on the media and which one will
install the virus on your computer. It is safest to
disable Autorun/Autoplay entirely on Windows computers.
Autorun/Autoplay
Autorun/Autoplay is a feature of Microsoft Windows that allows software on
removable media (such as flash drives or memory cards) to run automatically.
Some worms/viruses, such as Conficker, use Autorun/Autoplay to propagate
from one machine to another. It is safest to disable Autorun/Autoplay
entirely on Windows computers.
To disable Autorun/Autoplay, follow the instructions at
http://www.us-cert.gov/cas/techalerts/TA09-020A.html.
Microsoft has admitted that its original instructions
do not fully disable Autorun/Autoplay, and has provided
updates at
http://support.microsoft.com/kb/953252. The loss of the autorun/autoplay
feature will mean that software will no longer run automatically when
you insert digital media. Most often, this means that software will not
automatically install when you insert the installation CD or DVD, and
you will have to click the drive icon of the removable device and then
double-click on the installer icon (usually called "setup"). However,
music and video CDs and DVDs will continue to play automatically.
Patch for Internet Explorer Vulnerability
Microsoft has issued an off-cycle patch (MS08-078)
to address the critical vulnerability mentioned earlier. It should be applied everywhere
as soon as possible. For more information, see
http://www.microsoft.com/technet/security/advisory/961051.mspx.
In general, however, it remains recommended that one's default web browser be
something other than Internet Explorer, with Internet Explorer used only for
specific sites that require it.
Internet Explorer Vulnerability
An unpatched vulnerability in Internet Explorer, the default web
browser in Microsoft Windows, is now being actively exploited
by malicious website links. It allows an attacker to run
arbitrary commands as the user who is running the web browser.
Microsoft has not yet released a patch, but has published some
workaround suggestions that can reduce the likelihood of
an attack succeeding. In particular, setting internet and local
intranet security zone settings to "high" is recommended. However,
the use of a web browser other than Internet Explorer (such as www.firefox.com) may be advisable, at
least until this vulnerability is patched. For more information, see
http://www.microsoft.com/technet/security/advisory/961051.mspx.
Be Aware of "Phishing" Emails
There has been a rash of "spear phishing" attacks on campus. These are
emails targeted at specific people or groups that attempt to convince them
to execute a malicious attachment, click on a malicious link, or divulge
personal information (e.g. by emailing one's login and password to a
particular address). These "spear phishing" emails are crafted to appear
to come from trusted university sources, such as the campus help desk.
Please be aware that no university help desk or tech support group will send you an unsolicited message asking you to email a password or execute an attached program. If you get such a request, it is likely a forgery. For more information on the recent attacks, see http://www.news.utoronto.ca/campus-news/u-of-t-computer-staff-warn-of-phishing-scams.html
Thu, Jan 17, 2008
Vulnerability In Microsoft Excel
A serious vulnerability has been discovered in most versions of
Microsoft Excel: it allows a malicious spreadsheet to be crafted which,
when opened by a user, will automatically execute the attacker's
commands on the user's computer. This vulnerability is apparently being
actively exploited. All versions of Microsoft Excel (including Excel
Viewer) for Windows or Macintosh are vulnerable except for Excel 2003
service pack 3, Excel 2007, and Excel 2008. To correct this
problem, upgrade to a non-vulnerable version of Excel. For more
information, see
http://www.microsoft.com/technet/security/advisory/947563.mspx.
Outlook and Web Security Vulnerability Patch Now Available
Microsoft has issued an off-cycle patch for the Windows Animated Cursor
handling problem mentioned earlier; the patch is available at
http://www.microsoft.com/technet/security/bulletin/ms07-apr.mspx.
Unpatched Outlook and Web Security Vulnerability
A serious new, unpatched vulnerability in Microsoft Windows Animated
Cursor handling has been reported, and is being actively exploited.
This vulnerability allows arbitrary malicious commands to be executed
through simply viewing a web page or HTML/Rich Text email. Until this
vulnerability is patched, if you are using Outlook 2002 (service pack
1 or later), configure it to read email in plain text only. Outlook
Express, and earlier versions of Outlook, are still vulnerable to
exploitation even if reading email in plain text, so those versions
should be avoided altogether. Do not browse potentially unsafe web
pages. For more details and for updates on the status of this issue,
see http://www.microsoft.com/technet/security/advisory/935423.mspx.
Malicious Email and Web Files Exploiting Microsoft Products
Since before the end of 2006, there have been a
number of unpatched vulnerabilities in Microsoft products, some of
them quite serious, that remain exploitable by email and/or the web.
Many of these vulnerabilities are being actively exploited. A summary
of these vulnerabilities is maintained by SANS Internet Storm Center (isc.sans.org) at
http://isc.sans.org/diary.html?storyid=1940
Some general recommendations for protecting oneself from malicious emails and web pages are as follows. Distrust Microsoft Office (Word, Excel, Powerpoint) email attachments that have not been solicited, even from people one knows (senders are easily forged). Read email in plain text wherever possible. Examine URLs in email messages for plausibility, and cut and paste them into one's web browser rather than merely clicking on them. If at all possible, avoid using Microsoft Outlook or Outlook Express for email, and Microsoft Internet Explorer as one's default web browser: use Internet Explorer only for trusted web pages that require it. Never browse the web or read email as an administrator; create and use a "limited user" for this so that any malicious command that may be executed will not have full access to the machine.
Unfortunately, following these recommendations will not provide complete protection. Only Microsoft can fix the flaws that are being exploited, and until they do, all users of the relevant products remain vulnerable. However, these may help reduce the risk.
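The phishing alert earlier on this page and the recommendations above both advise examining URLs in email for plausibility and pasting them into the browser rather than clicking. One reason that advice works is that in an HTML message the text a link displays need not match the address it actually points to. As an added example that is not part of the original alerts, the following Python script makes that check mechanical: it parses the anchors of a constructed HTML email body and reports every link whose visible text looks like a URL but whose host differs from the host in the real href. The sample message (using reserved example domains) and the function names are assumptions for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample HTML email body; not from the original page.
# The first link shows a trusted-looking address but points elsewhere.
SAMPLE_EMAIL_HTML = """
<p>Your mailbox is almost full. Please verify your account at
<a href="http://login-example.invalid/verify">https://mail.example.edu/verify</a>
within 24 hours.</p>
<p>Questions? See <a href="https://helpdesk.example.edu/faq">https://helpdesk.example.edu/faq</a>
or <a href="https://helpdesk.example.edu/contact">contact the help desk</a>.</p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently open, if any
        self._text = []     # text fragments seen inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lower-cased hostname of a URL; a bare 'www.host/path' string is also accepted."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def looks_like_url(text):
    """True when the link's visible text is itself presented as a web address."""
    text = text.strip().lower()
    return "://" in text or text.startswith("www.")


def find_mismatched_links(html):
    """Links whose displayed address and real destination are on different hosts."""
    collector = LinkCollector()
    collector.feed(html)
    mismatches = []
    for href, text in collector.links:
        if looks_like_url(text) and host_of(text) != host_of(href):
            mismatches.append({"shown": text, "actual": href})
    return mismatches


if __name__ == "__main__":
    for item in find_mismatched_links(SAMPLE_EMAIL_HTML):
        print(f"displayed {item['shown']!r} but points to {item['actual']!r}")
```

A link whose visible text reads "https://mail.example.edu/verify" while its href goes to a different host is exactly the case where copying the displayed text into a browser, as the recommendations suggest, would take you somewhere other than where clicking would. Links with descriptive text ("contact the help desk") are not judged here, since they display no address to compare; those still need to be checked by hand.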
Tue, Feb 13, 2007
Security Flaw in Microsoft Office Patched
The vulnerability mentioned previously has been addressed today by patches from Microsoft.
For more details, see http://www.microsoft.com/technet/security/Bulletin/MS07-015.mspx.
Unpatched Security Flaw in Microsoft Office
A new flaw in Microsoft Office 2000, XP, 2003 for Windows, and Office 2004
for Mac has been reported and is being exploited on the internet, in which a
maliciously crafted Office file is provided by an attacker, for example, as
an email attachment or on a web page, which, when opened, allows the attacker
to run arbitrary commands as the user who opened the file. Limited exploits
using emailed Excel spreadsheets have been reported. No patch is yet
available. Do not open attachments or follow links in any email you did not
expect, even if it appears to be from a trusted sender. If you receive an
email with an attachment or a link, ask the sender for verification before
opening it. This may be a nuisance, but it is not as much of a nuisance as
dealing with the aftermath of a compromised machine. Microsoft has published
a security advisory at
http://www.microsoft.com/technet/security/advisory/932553.mspx.
Fix for Microsoft Outlook and Internet Explorer
A patch for the vulnerability mentioned earlier is
now available through Windows/Microsoft Update, and at
http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx.
Microsoft Outlook and Internet Explorer Vulnerability
A vulnerability in Microsoft Windows that can be exploited through Internet
Explorer or through Microsoft Outlook has been discovered, but no patch is
yet available. The vulnerability, for example, allows a hostile web site
browsed via Internet Explorer to run arbitrary software (e.g. install
malware, etc.) on the browsing PC. To mitigate this flaw,
consider using an alternate web browser (e.g.
http://getfirefox.com)
and/or an alternate mail reader (e.g. http://getthunderbird.com)
until a patch is available. For more information, see
http://www.microsoft.com/technet/security/advisory/925568.mspx.
Web Page and Network Windows Vulnerability
Two very serious problems in MS Windows have been announced today: one allows
an attacker to break into a Windows machine through a specially crafted web
page, and another allows a break-in through a specially crafted network packet.
Patches are available from Microsoft; more information is available at
http://www.microsoft.com/technet/security/bulletin/ms06-aug.mspx
Security Vulnerabilities in Microsoft Excel Fixed
Microsoft has announced patches today for the
security vulnerability in Excel mentioned earlier, and
other serious vulnerabilities in both Microsoft Office,
and Microsoft Windows. Patches are available from the Microsoft Update web site, or from
http://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx.
Please patch your systems as soon as possible.
Security Vulnerabilities in Microsoft Excel
A security vulnerability in Microsoft Excel allows a specially-crafted
spreadsheet to install malware on your computer, if you open it.
This flaw appears in all versions of Excel, for both Mac and Windows systems,
and is being actively exploited. Until you have patched your systems,
please refrain from downloading any Excel files and/or opening any
Excel attachments that you are not expecting. For more information, see
http://www.us-cert.gov/cas/techalerts/TA06-167A.html.
To be emailed any new alerts as they appear, or to cease being emailed such alerts, send email to securityalerts-request@cs.