A zero-day vulnerability in spreadsheet software Microsoft Excel is reportedly being abused by cybercriminals in real-world scenarios.
According to an advisory issued by Microsoft, the security feature bypass bug could allow unauthenticated threat actors to launch attacks against vulnerable users with relative ease.
To exploit the flaw, an attacker would need to trick a victim into opening a malicious Excel document, perhaps delivered via phishing email or malicious website.
The vulnerability has been handed a score of 7.8/10 per the Common Vulnerability Scoring System (CVSS), placing it in the high severity category.
What about Excel on Mac?
Although Microsoft has now delivered a patch for Excel on Windows devices as part of this month’s Patch Tuesday, Apple customers remain vulnerable to the exploit.
The company explained that Microsoft 365 users on Mac devices will have to wait a little longer for a patch, but did not specify a reason or time-frame.
“The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information,” the advisory explained.
To shield against attack, Windows users are advised to update their Excel installations to the latest build immediately. Mac users, meanwhile, should avoid interacting with unsolicited email attachments and avoid downloading content from unfamiliar sources while they await a full patch.
More generally, users should ensure their devices are protected by a leading antivirus service and that all software patches are installed on a regular basis.
Via Bleeping Computer