Two new Security Advisories

  • Article

I just want to make sure you have seen it:

  • There were some reports in the last day or two about targeted attacks on Excel. We are aware of these reports and are looking into this. In order to give you our assessment of the situation, we published Microsoft Security Advisory (968272)
    • From what we know so far, an attacker who could exploit this vulnerability could get the privileges of the logged on user. So, if you are not Admin, this would lower the risk.
    • This attack goes after the binary version of Excel files. So, if you are saving the file with the Office 2007 format (.xlsx) the attack does not work.
    • You should definitely look into the workarounds mentioned in the Advisory.
  • The second advisory is about an update for Windows AutoRun (Microsoft Security Advisory (967940))

Roger