
Blog


    February 24

    Zero Day Excel Vulnerability Spreading in the Wild

    Today, Microsoft released a security advisory warning of a very serious unpatched Excel vulnerability, which attackers have already begun exploiting on the Internet. The vulnerability affects all current versions of Excel for Windows and Mac, as well as the Microsoft Excel Viewer and the Office Compatibility Packs. 

    Since Microsoft just learned about this flaw, they don't describe it in much detail. They only describe how attackers exploit it. By enticing one of your users into downloading and opening a maliciously crafted Excel document (.xls), an attacker can exploit this vulnerability to execute code on a victim's computer, usually inheriting that user's level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user's machine. 

    With attackers actively exploiting this vulnerability in the wild, it poses a critical risk to Microsoft Office and Excel users. Microsoft hasn't had time to patch the flaw yet, but they plan to do so in the future. Until then, we recommend you implement the workarounds described below to mitigate the risk of this dangerous zero day attack.

    Solution Path

    Microsoft has not had time to release a patch for this zero day vulnerability. However, the workarounds described below should mitigate the risk of attacks currently circulating in the wild.

    § Inform your users of this vulnerability. Advise them to remain wary of unsolicited Excel (.xls) documents arriving via email. If they don't absolutely need the document, and don't trust the entity it came from, they should avoid opening it until Microsoft releases a patch.

    § Use antivirus (AV) software and make sure it's up to date. Some AV companies already have signatures that detect these malicious Excel files. Other AV companies will surely follow.

    § Use the Microsoft Office Isolated Conversion Environment (MOICE) to open untrusted Excel documents. MOICE is a Microsoft add-on that provides a special environment in which you can more securely open Word, Excel, and PowerPoint binary format files. For more details on using it, see the "Suggested Actions" section of Microsoft's security advisory.
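
    A way to support the workarounds above at a mail gateway or file share, shown as an added example that is not part of Microsoft's advisory or the original post: it identifies legacy binary Office files by content rather than by file name, so a renamed .xls is still held for isolated opening. The function names, the "hold" decision and the sample attachments are constructed for illustration, and the stream-name match is a heuristic.

```python
# Added example: content-based triage of attachments for legacy binary Office files.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # compound file header (.xls/.doc/.ppt)
ZIP_MAGIC = b"PK\x03\x04"                        # ZIP container (Open XML, e.g. .xlsx)
# Stream names in a compound file are stored as UTF-16LE; Excel uses these two.
WORKBOOK_STREAMS = ("Workbook".encode("utf-16-le"), "Book".encode("utf-16-le"))
LEGACY_EXCEL_EXTS = {"xls", "xlt", "xla"}


def classify(data: bytes) -> str:
    """Classify a file by its leading bytes, ignoring whatever it is named."""
    if data.startswith(OLE2_MAGIC):
        if any(name in data for name in WORKBOOK_STREAMS):
            return "excel-binary"
        return "ole2-other"
    if data.startswith(ZIP_MAGIC):
        return "zip-container"
    return "other"


def triage(attachments):
    """Return one decision per (filename, bytes) pair."""
    report = []
    for name, data in attachments:
        kind = classify(data)
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        # Binary formats are the ones to hold for isolated opening (hypothetical policy).
        hold = kind in ("excel-binary", "ole2-other")
        # A binary workbook behind a non-Excel-binary extension deserves extra attention.
        disguised = kind == "excel-binary" and ext not in LEGACY_EXCEL_EXTS
        report.append({"name": name, "kind": kind, "hold": hold, "disguised": disguised})
    return report


def _fake_ole2(stream_name: str) -> bytes:
    # Constructed sample: header magic, padding, then a directory-style stream name.
    return OLE2_MAGIC + b"\x00" * 504 + stream_name.encode("utf-16-le")


# Constructed attachments, not real files.
SAMPLES = [
    ("q1-budget.xls", _fake_ole2("Workbook")),
    ("invoice.xlsx", _fake_ole2("Workbook")),          # binary workbook, renamed
    ("report.xlsx", ZIP_MAGIC + b"[Content_Types].xml"),
    ("memo.doc", _fake_ole2("WordDocument")),
    ("notes.txt", b"plain text"),
]

if __name__ == "__main__":
    for row in triage(SAMPLES):
        print(row)
```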

    February 17

    Windows Mobile 6.5, Microsoft Gets It Right?

    Well, they certainly figured out it was time to retire the old UI, which was so dated, but is this too much of an iPhone clone, or innovation?

     
    Windows Mobile 6.5 Running on HTC from Jesus Diaz on Vimeo.

    February 07

    Windows Image to Virtual Hard Disk (WIM2VHD) Converter

    Convert those Windows Image Files directly to a VHD:

    Introduction

    The Windows(R) Image to Virtual Hard Disk (WIM2VHD) command-line tool allows you to create sysprepped VHD images from any Windows 7 installation source. VHDs created by WIM2VHD will boot directly to the Out Of Box Experience, ready for your first-use customizations. You can also automate the OOBE by supplying your own unattend.xml file, making the possibilities limitless.
    Fresh squeezed, organically grown, free-range VHDs - just like Mom used to make - that work with Virtual PC, Virtual Server, Microsoft Hyper-V, and Windows 7's new Native VHD-Boot functionality!

    http://code.msdn.microsoft.com/wim2vhd

    February 04

    Fully Updated PC Protected By McAfee Total Protection Falls Victim To Antivirus 2009 – Antivirus 360

    Had to work on a PC today that was infected with that same old Antivirus 2009, in this case renamed Antivirus 360. Unfortunately, even though the system was fully patched and protected with McAfee Total Protection, this malware was able to come right on in with little or no warning from the antivirus/spyware protection. So not only was Windows updated, including the so-called Malicious Software Removal Tool, but McAfee was also fully updated and running.

    Below are some screens showing the protection was active and what this bug looks like. If you see these screens on your own machine, call a tech ASAP. Sorry for the quality of the images, but I didn’t have my better camera with me.

    Here we see the malware attempting to download the application to further infect the machine even though the user clicks No in the above screens.

    Lastly here is McAfee showing the System is Fully Protected and all is good:

    So what is a user to do?

    1. Run as a non-Admin. User accounts should be limited as much as possible. When you need administrator-level access, log out of your own account and log back in under that Administrator Level account for those functions, or use the “Run As” option.

    2. Keep Windows updated. No, it won’t stop everything, just as I showed, but not staying updated is just begging to get infected.

    3. Use Antivirus/Malware Protection. At this point we prefer AVG or aVast; however, this is not an endorsement of either, nor are we saying you won’t get infected if you use them.

    4. As hard as it is to say, run Vista. Vista, especially Vista x64, is by default more secure than Windows XP, and I have yet to see a Vista machine catch Antivirus 2009.