Just days after Microsoft confirmed that its Excel spreadsheet had an unpatched vulnerability currently being exploited by attackers, security vendors on Tuesday reported a second zero-day bug in the popular business application.
Last Thursday Microsoft acknowledged that a critical flaw in Excel was being used by attackers who had targeted a single company, the second such admission in a month. In May, a bug in Microsoft Word was used in similar fashion by hackers who targeted a small number of victims. A week ago, Microsoft patched the Word flaw.
Monday, the Redmond, Wash. developer issued a security advisory that promised a patch for the first Excel vulnerability and spelled out several steps enterprises and individuals could take to protect their systems until a fix was released.
In the advisory, Microsoft noted that Excel 2000, 2002, and 2003 for Windows (as well as the free Excel Viewer 2003 utility), and Excel v. X and 2004 for the Mac were at risk. The company also recommended several different defensive strategies, ranging from blocking all Excel-related file types at the gateway to deleting 40 keys from the Windows Registry to block Excel documents from opening directly within the application.
Tuesday, however, security companies reported that proof-of-concept exploit code had gone public for yet another Excel bug, this time one in a DLL that handles hyperlinks in Excel worksheets.