Malicious code aimed at unpatched security flaws in software applications is becoming increasingly common. The latest report to hit our desks relates to Microsoft Excel.
The security flaw affects Microsoft Excel for versions older than Microsoft Office 2007 . Microsoft is warning that the 'extremely critical' security hole in its spreadsheet software can make it possible to run malicious code from a vulnerable computer, but added that only a local user on the computer could exploit the vulnerability.
According to Microsoft , malicious code exploiting the security flaw has been published for Excel versions Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, as well as Microsoft Office 2004 for Mac. Microsoft also warned that the problem may affect other Office software as well.
"While we are currently only aware that Excel is the current attack vector, other Office applications are potentially vulnerable," an advisory on the Microsoft Security Response Center blog read. A patch is under development, it added.
Microsoft reported that the flaw was being used in 'very limited' attacks. Users should be careful when receiving Office documents and not open files from untrusted sources.
It may be too late for Microsoft to patch this Excel flaw in its next scheduled security update, due next Tuesday, 13 February.