Contact: Stephanie Stadler
On behalf of Secure Elements
Phone: 703-287-7819
e-mail: sstadler@sheahedges.com

LEVEL 10 SECURITY ALERT:  Microsoft Excel Zero-day Vulnerability
Leading Security and Compliance Expert from Secure Elements Available To Comment on Threat

HERNDON, VA - Jun 16, 2006 -Microsoft posted a warning today that there has been an exploit published for a previously unknown flaw in Excel.  This vulnerability is exploited by opening a malicious Excel document.  The vulnerability is currently being exploited by Trojan.Mdropper.J which drops Downloader.Booli.A on the affected system.

"On the heels of one of the largest patch Tuesdays this year, another zero day vulnerability has been reported to the security community," said Scott Carpenter, Director of the C5 Security Labs.  "There is a flaw in Microsoft Excel that has allowed virus creators to create a specially crafted Excel document, that, when opened by a user, causes a users PC to download and install a Trojan horse which essentially allows an attacker to take over the PC.  

"This type of targeted attack that requires some form of user interaction similar to a current upward trend in similarly styled attacks.  I am sure it is not by accident that this virus was timed to be deployed immediately after Microsoft patch Tuesday. In recent similar attacks, Microsoft has not issued an out of cycle patch. The exploit's immediate release after patch Tuesday is evidently designed to take advantage of a full month before Microsoft is scheduled to patch it."

Security engineers from Secure Elements have classified the severity of this vulnerability as 10, meaning this vulnerability is locally and remotely exploitable, with no available patches or workarounds.  The Security Labs engineers are not aware of any patches released by the vendor.

It is advised to use caution when opening Microsoft Word documents that are sent as attachments via email or otherwise received from an un-verified and trusted source.  It is also highly recommended that antivirus software with up to date virus definitions is present on all systems with email capability.

Systems Impacted:

• Microsoft Windows Excel 2000
• Microsoft Windows Excel 2002
• Microsoft Windows Excel 2003
• Microsoft Office 2000
• Microsoft Office XP
• Microsoft Office 2003

References:

• http://rm.secure-elements.com/rss/docs/20060616_alert1.html
• http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx
• http://www.securityfocus.com/bid/18422

####

About Secure Elements
Secure Elements develops innovative products that help organizations achieve IT security compliance.  We enable organizations to audit, evaluate, and comply with internal, industry, and regulatory policies.  Our solutions reduce business risk and IT management costs while improving systems performance and maintaining business continuity.  Based in Northern Virginia, Secure Elements serves organizations in the federal government and critical infrastructure markets, as well as the Global 1000.  http://www.secure-elements.com