Reports have been circulating in the last couple of days about an unpatched vulnerability in Microsoft Excel, and the software giant has now confirmed the problem. The flaw allows attackers to run code on remote machines if they can entice a user into opening a malicious Excel file.
Some security vendors also have warned about a new Trojan that already is exploiting this vulnerability. The folks at SearchSecurity.com report that many anti-malware companies are detecting the Trojan already, and that Microsoft has advised customers to take some basic mitigation steps until a patch is available.
As a workaround, Microsoft is advising customers to use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or un-trusted sources. MOICE is a tool that allows users to more securely open Word, Excel, and PowerPoint binary format files. It supports Office 2003 or 2007 Office suite.Excel users can also use Microsoft Office File Block policy to block the opening of suspicious Office 2003 and earlier documents.
No word on when a patch may be available.