Microsoft Office Excel Vulnerability

Check Point Protects Before the Patch

(968272)
Microsoft has disclosed a remote code execution vulnerability in its popular Excel spreadsheet software. There are reports of a Trojan in the wild exploiting this vulnerability. By convincing a user to open a maliciously crafted Excel file, a hacker may gain the same rights as the local user on the computer and execute malicious code.

Attack Impact

While attacks have thus far been limited, the popularity of the Excel program and the possible impact on vulnerable computers make this a critical vulnerability. As of the time of this publication, no patch is available from Microsoft. It is unclear at this point whether Microsoft will release an out-of-cycle security update or wait for the March Patch Tuesday.

Protection and Recommendations

Check Point has a protection, available immediately, against attacks that exploit this vulnerability. There is currently no Microsoft patch for this vulnerability, and once the patch does come out, applying it to all vulnerable computers may take weeks for some organizations. Check Point therefore recommends that companies augment their patching process with integrated intrusion prevention systems. These can be deployed both at the network perimeter and at internal locations, separating the company’s network into segments. Check Point SmartDefense and the new Check Point IPS Software Blade provide protection against these attacks.

For more information about Check Point enterprise protections, see CPAI-2009-028.