MSRC Blog: Security Advisory 947563

Hello, Bill here,

I wanted to let you know that we have just posted Microsoft Security Advisory (947563).

This advisory contains information about a targeted attack exploiting a vulnerability in Microsoft Office Excel. Our investigation has shown that this vulnerability affects Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000 and Microsoft Excel 2004 for Mac. 

Microsoft Office Excel 2003 Service Pack 3, Microsoft Office Excel 2007 and Microsoft Excel 2008 for Mac are not affected as they do not contain the vulnerable code.

We’ve activated our Software Security Incident Response Process (SSIRP) to investigate the vulnerability and have identified steps customers can take to protect themselves in the workaround section. As part of our SSIRP process, we currently have teams working to develop an update of appropriate quality for release in our regularly scheduled bulletin process or as an out-of-band update, depending on customer impact. In the meantime, we encourage customers to review the advisory and implement the workarounds.

While the attack appears to be targeted, and not widespread, we are monitoring the issue and are working with our MSRA partners to help protect customers. We will update the Advisory and this blog as new information becomes available.


*This posting is provided “AS IS” with no warranties, and confers no rights.*