Microsoft has issued a statement and outlined some precautions to follow due to the recently discovered Excel security flaw. We first reported on this yesterday.
They recommend NOT opening an Excel file sent to you through email. In addition, they recommend NOT opening any email attachment with the following file extensions:xls, xlt, xla, xlm, xlc, xlw, uxdc, csv, iqy, dqy, rqy, oqy, xll, xlb, slk, dif, xlk, xld, xlshtml, xlthtml and xlv.They confirm that this is a problem for users of Excel 2003, Excel Viewer 2003, Excel 2002, Excel 2000, Microsoft Excel 2004 for Mac, and Microsoft Excel v. X for Mac.
However, Excel 2000 users are at highest risk because the program does not prompt the user to Open, Save, or Cancel before opening a document. Other versions of the software present a warning before a file is opened, Microsoft said.
In order to be at risk, a user must first actually open a malicious Excel file attached to an e-mail or otherwise provided to them by an attacker. Meaning, limit your risk and do not open any strange Excel files you get in e-mail.
Stay tuned for any further developments.
