Information Security Definitions - Zero Day Attack (0 Zero Attack)

A zero-day attack or threat is a computer threat that tries to exploit unknown, undisclosed or unpatched computer application vulnerabilities. The term Zero Day is also used to describe unknown or Zero day viruses.

Zero-day exploits are released before the vendor patch is released to the public. Zero-day exploits generally circulate through the ranks of attackers until finally being released on public forums. The term derives from the age of the exploit. A zero-day exploit is usually unknown to the public and to the product vendor.

New Microsoft Excel Zero-Day Vulnerability

New Microsoft Excel Zero-Day Vulnerability

Microsoft has warned the user community of a new, undocumented vulnerability in Microsoft's Excel spreadsheet program which is being used to launch computer attacks against specific targets. This vulnerability is being exploited to load a Trojan on select computer targets and has been rated "extremely critical" by Secunia.

According to eweek.com “The attackers are using booby-trapped Excel documents, sent by e-mail to the target's mailbox. If a rigged .xls document is launched, the exploit happens silently in the background, infecting the machine with a Trojan downloader that opens a backdoor and waits for instructions from a server controlled by the attacker”.

Microsoft has released and an advisory on this issue.

For a more detailed story please access:

www.securityorb.com
eweek.com