threat level YELLOW - Microsoft Excel via Internet Explorer exploit happening

The Internet Storm Center has just raised their threat level to Yellow
(from green) due to an active exploit "in the wild" of a major security
problem with Internet Explorer and the components that allow Microsoft
Office documents like spreadsheets (Excel) to take over your computer.

The details are at http://isc.sans.org/diary.html?storyid=6778
but the bottom line is that until Microsoft puts out a fix and your
machine is patched (you do have automatic updates on, don't you!!!) it
is possible that you may receive a Microsoft document with embedded HTML
code in it that will infect your computer. This can be done simply by
visiting the wrong web site and clicking on an ad or other link.

I've long said that before you open any document you receive you should
check with the person who sent it to you to ensure that they really did
send it - and that THEY MADE IT - not just passed it on from someone
else.

There are all manner of PowerPoint and Word documents being sent around
with pictures and such in them that are inspirational or funny or timely
or...

BUT - the bad guys are sending stuff like this out too - and they can
and many times do contain viruses. This is just the latest of a bunch of
exploits that attack Microsoft's software and web facilities.

Just remember - Microsoft's systems were originally designed to work in
a FRIENDLY network environment - they simply did not design them to be
used in the hostile environment of the internet- that was added later,
and they're still trying to fix all the holes and design problems that
don't fit with a hostile network environment.

If you really MUST open these things I cannot urge you enough to
download and install Open Office (http://download.openoffice.org) -
that's what I use, and it is not as closely tied into the operating
system as the Microsoft Office components are so has far less likelihood
(not none - just far less) of being a virus carrier.

richard