Security Adivsory: Microsoft Office Excel zero-day vulnerability

Microsoft Office Excel was reported to have a vulnerability that could allow malicious hackers to attempt remote code execution, if user opens the specially crafted MS Excel file. The malicious Excel file could be hosted on website, arrives as an attachment in email or be passed around through thumb drive/media disk.

Microsoft is currently investigating this vulnerability. As the patches are not available yet, we urged you to take the following precautions:

1. Avoid opening or saving MS Office files, in particularly MS Excel file that you receive from un-trusted sources.

2. Be cautious when browsing the Internet (especially those un-trusted websites), or click on links in emails from unknown sources.

For more information, please visit
http://www.microsoft.com/technet/security/advisory/968272.mspx


For further enquiries, please contact ITCare at or x2080. Thank you.

Infocomm Security Group
Computer Centre
27 Feb 2009