- Date: July 2, 2004
On June 19, 2006, Microsoft published an advisory where several MS Excel vulnerabilities could allow remote code execution. Please visit http://www.microsoft.com/technet/security/advisory/921365.mspx for further details as well as Microsoft's response and plan to address this vulnerability.
SecureWorks clients are protected against this threat. SecureWorks deployed additional countermeasures to our Network Intrusion Prevention Managed Service clients earlier this week in response to these vulnerabilities. SecureWorks is recommending to our clients and non-clients, in accordance with Microsoft's recommendation, that you block all inbound email Excel attachments in case additional vulnerabilities in MS Excel surface.
In addition, SecureWorks recommends you strongly consider blocking other Microsoft documents including Microsoft Word documents, Microsoft PowerPoint presentations, and Microsoft Access databases. As stated by Microsoft, "...Microsoft Office applications include functionality to embed Office files as objects contained in other Microsoft Office files. As an example, Microsoft Word files may contain embedded malicious Microsoft Excel files, making Word documents another possible attack vector."
Finally, SecureWorks continues to recommend that individuals not open attached files from suspicious or unknown senders.
For further questions about this issue, please contact Microsoft. To learn more about SecureWorks managed and professional services, please visit our website at http://www.secureworks.com or call 1-877-838-7947.