Microsoft confirmed that a new, undocumented flaw in its widely used Excel spreadsheet program was being used in an attack against an unnamed target.
The company's warning comes less than a month after a code-execution hole in Microsoft Word was exploited in what is described as a "super, super targeted attack" against business interests overseas.
The back-to-back zero-day attacks closely resemble each other and suggest that well-organized criminals are conducting corporate espionage using critical flaws purchased from underground hackers.
In an entry posted to the MSRC (Microsoft Security Response Center) blog, Microsoft Operations Manager Mike Reavey said the company is investigating "a single report from a customer being impacted" by the latest attack.
"Here's what we know: In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an email attachment or otherwise provided to them by an attacker," Reavey said.
"Remember remember to be very careful opening unsolicited attachments from both known and unknown sources," he added.
Continue at Source...
News Source: eweek.com