The Microsoft Security Response Centre has just released an advisory alerting us to targetted attacks using an unpatched vulnerability that affects Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000 and Microsoft Excel 2004 for Mac.
Microsoft Office Excel 2003 Service Pack 3, Microsoft Office Excel 2007 and Microsoft Excel 2008 for Mac are not impacted. This vulnerability is being actively exploited at the moment in attacks targeting specific organisations. That is not to say however that a more widespread attack could not happen.
If you cannot upgrade your systems to the non-affected versions it may be prudent to block incoming emails or Internet downloads of Excel into your network until more details emerge and/or Microsoft release a patch.
The advisory also contains a number of suggested workarounds.
