Reports of a new vulnerability in Microsoft Excel

Hi everyone, Mike Reavey here.  We’ve received a single report from a customer being impacted by an attack using a new vulnerability in Microsoft Excel.


Here’s what we know: In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an email attachment or otherwise provided to them by an attacker.  (note that opening it out of email will prompt you to be careful about opening the attachment) So remember to be very careful opening unsolicited attachments from both known and unknown sources.


We’ve activated our security response process and we have added detection to the Windows Live Safety Center today for up-to-date removal of malicious software that attempts to exploit the vulnerability.  The Windows Live Safety Center is located at the following website:


We’re also actively sharing that information with our Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks. We’ve got the Office team engaged of course and they are hard at work investigating the vulnerability. 


As always, customers who believe they are affected can contact Product Support Services.  You can contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1866-PCSAFETY) and international customers by using any method found at this location:


We’ll post more information here on the blog as we get it.




*This posting is provided “AS IS” with no warranties, and confers no rights.*