A new, yet-to-be-patched security vulnerability in Microsoft's Excel has been exploited in at least one targeted cyberattack, experts warned. A malicious Excel document is sent as an e-mail attachment or otherwise delivered by the attacker to the intended victim, Microsoft said in a posting to its Security Response Center blog.