Friday, June 23

Excel '0-day' thing

Okay, first off 'Excel' doesn't have a 0 day, it actually is a vulnerability in hlink.dll which is a Windows component that handles operations involving hyperlinks.

Not only would someone have to send you an excel spreadsheet with this hyperlink built in, but you would have to find it and click on it. (you would have to CONTROL-Click on it).

I suppose you could set up a macro to click the hyperlink (or execute the link) when excel is opened, but since Excel's macros are turned off by default... kinda defeats the purpose of it.

As a reminder, it’s important to make sure that you only accept and open files from a trusted source, as well as be careful what websites you visit.

So, while it's rare you will find me defending Microsoft (because, really, I don't really use their products... come to think of it, the only product I DO use is Excel), it seems like MS may have covered their ass this time.

No comments: