Vulnerability researchers find new flaw in Microsoft Excel

A round up of security issues including suspicious web traffic increases on Port 6502, McAfee hires a new security chief and Check Point completes its acquisition of NFR.

New flaw in Microsoft Excel
Researchers from Sunnyvale, Calif.-based security vendor Fortinet Inc. and Danish vulnerability clearinghouse Secunia are warning of a new flaw in Microsoft Excel that attackers could exploit to run malicious code on targeted machines. "A remote improper memory access vulnerability exists in Microsoft Excel which could allow an attacker … to take complete control of the affected system," Fortinet said in an advisory.

Secunia said in an advisory that the problem is an unspecified error that occurs when certain .xls files are opened in Internet Explorer. "This can be exploited to execute arbitrary code via a specially crafted XLS file with a certain unspecified opcode," Secunia said, adding that users should steer clear of untrusted Microsoft Office documents.

The problem affects:

  • Microsoft Excel 2000, 2002 and 2003
  • Microsoft Excel Viewer 2003
  • Microsoft Office 2000
  • Microsoft Office 2003 Professional Edition
  • Microsoft Office 2003 Small Business Edition
  • Microsoft Office 2003 Standard Edition
  • Microsoft Office 2003 Student and Teacher Edition
  • Microsoft Office 2004 for Mac
  • Microsoft Office X for Mac
  • Microsoft Office XP
  • Microsoft Works Suite 2004
  • Microsoft Works Suite 2005
  • Microsoft Works Suite 2006

Microsoft patch bulletins:
Microsoft nixes four patch bulletins
Inside MSRC: Visual Studio flaw, tool extensions explained

Microsoft investigates Windows Vista flaw

Microsoft fixes two zero-day flaws

Microsoft will release its monthly security patches Tuesday, and three updates will address Microsoft Office. At least one of the Office updates will fix critical problems, the software giant said.

Suspicious traffic rising on Port 6502
It appears attackers are still trying to exploit a flaw in the CA BrightStor ARCserve Backup Tape Engine that first came to light in November. The Bethesda, Md.-based SANS Internet Storm Center (ISC) Web site speculated that this could be the reason for an increase in suspicious traffic on Port 6502. The ISC is asking IT professionals who notice increased activity in their environments to send some packets for study.

"It's interesting to note the length of time that passed on this one if this is indeed still the same vulnerability they are attempting to exploit," ISC handler Swa Frantzen said on the Web site.

McAfee hires new security chief and other execs
Santa Clara, Calif.-based antivirus firm McAfee Inc. has been mired in a stock options scandal in recent months that resulted in former president Kevin Weiss's expulsion last fall and the resignation of CEO George Samenuk. Now, the company hopes to get beyond it with the hiring of three senior-level executives.

McAfee hired Martin Carmichael to serve as the company's first CSO, while Bill Curtis will be chief process officer and Carl Banzhof will be vice president and chief technology evangelist. McAfee said the hires will allow it to bolster development of new products and services while strengthening the company's business and operational infrastructure.

"The industry expertise that Martin, Bill and Carl bring with them will put McAfee in a strong position as we start 2007 as a new year of growth and innovation," Dale Fuller, McAfee's interim chief executive officer, said in a statement.

Fuller took over as interim CEO in the wake of the stock scandal.

Check Point completes NFR acquisition
Check Point Software Technologies Ltd. announced Monday that it has completed its $20 million acquisition of Rockville, Md.-based NFR Security. The Israeli enterprise security vendor first announced the deal last month, saying Check Point's SmartDefense and NFR's Hybrid Detection Engine (HDE) will offer customers "precise, real-time attack prevention" by combining pre-emptive type-based protection from SmartDefense with the "highly granular and accurate attack detection" provided by the HDE.

Read more on Operating systems software