Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for Mac.
The initial investigation indicates that those who are using Microsoft Office Excel 2007 or Microsoft Excel 2008 for Mac, or who have installed Microsoft Office Excel 2003 Service Pack 3 are not affected by this vulnerability.
Microsoft is investigating the public reports and customer impact. Upon completion of this investigation, Microsoft will take the appropriate action to help provide appropriate protection. This may include providing a security update through the monthly release process or providing an out-of-cycle security update, depending on needs.
At this time, Microsoft is aware only of targeted attacks that attempt to use this vulnerability. Additionally, as the issue has not been publicly disclosed broadly, it is believed the risk at this time to be limited.
Review Microsoft Security Advisory 947563 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ) and links to additional resources.
If you believe you are affected, contact Microsoft Customer Service and Support (CSS). Contact Microsoft Customer Service and Support (CSS) in North America for help with security update issues or viruses at no charge using the PC Safety line (1866-PCSAFETY). International customers can contact Customer Services and Support (CSS) by using any method found at this location: http://support.microsoft.com/security.
- Microsoft Security Advisory 947563 – Vulnerability in Microsoft Excel Could Allow Remote Code Execution
- MSRC Blog: Security Advisory 947563
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...