According to media reports a second vulnerability in Microsoft Excel has appeared on the internet. Just last week, Microsoft released a record 12 fixes (eight of which were critical), and it is currently working to resolve a separate bug targeted at Excel.
Alan Bentley, Managing Director of PatchLink comments: “This latest vulnerability could result in Excel crashing after a malicious file is opened and has the potential for a hacker to gain control over a PC. While IT managers will still be getting to grips with the 12 fixes issued last week, the potential damage that this zero-day vulnerability could cause must not be ignored.
“This year has seen an upturn in zero-day exploits and this latest threat simply confirms that zero-day threats are not going away. IT managers will be looking to Microsoft for the resolution to this latest threat – as a survey conducted by PatchLink in April 2006 revealed that 69 per cent of IT managers dismissed third party patches as a resolution to zero-day threats.
“Vulnerabilities do not discriminate so everyone must be on their guard. Identifying the appropriate work around until an appropriate patch is released is critical to the security of the network. Prevention is always better than cure and that has never been truer than in today’s network environment. An effective patch management strategy based on the principles of testing, prioritising and deploying can be the difference between success and failure.”