Excel exploit squashed by BOPS

After receiving a few queries regarding the recent unspecified Microsoft Excel vulnerability (CVE-2008-0081) recently patched as part of MS08-014 I finally managed to receive a sample this week. As is usually the case with exploits we seem to have received more queries about this issue than we do about some of the more prevalent malware currently out there.

This exploit requires a user to open a malformed Excel spreadsheet with a vulnerable version of Excel in order to be at risk. If safe computing practices are observed then this really should not happen. Ah, but what about those occasions when it does happen? I hear you ask. Well after performing a quick test in the lab this morning I can confirm that Sophos users are protected from this exploit if they use the BOPS (Buffer Overflow Prevention System) feature of SAV7 and above.

So if Fred in marketing happens to double click on a random Excel attachment before he has had his morning coffee fix there is no need to panic.