Warning of attacks on 17-year-old Excel vulnerability
The US cybersecurity agency warns of observed attacks on an ancient Excel vulnerability. SharePoint is also being attacked.
The US cybersecurity agency CISA is once again warning about attacks currently being observed on vulnerabilities. Attackers have now set their sights on a security vulnerability in Excel that has apparently been known for 17 years, as well as a recent vulnerability in Microsoft's SharePoint.
In its warning, CISA names only the attacked vulnerabilities. It is surprising that a security vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1, as well as in the Excel viewers, the compatibility pack for Word, Excel, and PowerPoint 2007 file formats, and Office 2004 and 2008 for Mac, is now being attacked. Microsoft closed it with updates in 2009. It allows attackers to inject malicious code using manipulated Excel documents, which already happened in February 2009 through the Trojan.Mdropper.AC Trojan (CVE-2009-0238, CVSS2 9.3, Risk “high”).
The second security vulnerability being attacked on the internet affects Microsoft's SharePoint servers. Insufficient input validation allows unauthorized attackers to perform spoofing attacks over the network. This vulnerability is addressed by a software patch from Microsoft's April patch day, released on Wednesday night (CVE-2026-32201, CVSS 6.5, Risk “medium”).
Old security vulnerabilities as new attack targets
How it is possible to attack such old security vulnerabilities at all seems incomprehensible. After all, it means that 17-year-old systems that do not receive security updates are still running. However, this seems to happen more often. On Tuesday this week, CISA already warned of attacks on Microsoft's Visual Basic for Applications (VBA). That vulnerability became known in 2012, was already exploited by attackers back then, and is now back on cybercriminals' target list as well.
IT managers should therefore urgently ensure that the software in use is up to date.
(dmk)