The RI Division of IT was notified of a new, serious problem/vulnerability in Microsoft Excel documents. This vulnerability allows an attacker to deliver malicious code within a Microsoft Office Excel document. In order for the attack to be successful, an employee must manually open the infected document.

This vulnerability can also be exploited if an employee visits a malicious web page which is specifically created to exploit this vulnerability. However, a more important concern is that this vulnerability can be exploited by receiving and opening the infected Excel (.XLS) email attachments which are not blocked by the State email filters.

What steps can you take to protect yourself

§    Exercise caution while visiting unknown or un-trusted websites;

§    Do not follow links provided by unknown or un-trusted sources either ones sent in the email or found on the websites;

§    Do not open unfamiliar or unexpected Excel or other Office documents, including those received as email attachments;

§    Ensure that your computer has the antivirus software installed and running.

We are actively scanning for related threats, which utilize this new vulnerability. Employees are urged to take extra precautions when handling unknown Microsoft Office Excel documents until Microsoft can deliver a patch for this vulnerability.

If you are unsure of the document that you have received, please call the DOIT Service Desk at (401)222-5709 before opening it.

Importance Rating: