Hello, Bill here,
I wanted to let you know that we have just posted Microsoft Security Advisory (968272).
This advisory contains information regarding public reports of a vulnerability in Microsoft Office Excel that could allow for remote code execution if a user opens a specially crafted Excel file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. We are developing a security update for Microsoft Office that addresses this vulnerability.
Products affected are Microsoft Office 2000, Microsoft Office 2002, Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac.
The advisory contains workarounds that customers can use to help protect themselves. We will continue to monitor the situation and post updates to the advisory and the MSRC Blog as we become aware of any important new information.
Lastly, I want to let you know that we activated our Software Security Incident Response Process (SSIRP) and are working with our Microsoft Security Response Alliance (MSRA) and Microsoft Active Protections Program MAPP partners to help protect customers. We will update the advisory and this blog as new information becomes available.
Bill Sisk
*This posting is provided “AS IS” with no warranties, and confers no rights.*