Top Tech News HOME LATEST NEWS NEWSLETTERS SEARCH Search
  LATEST NEWS FOR SATURDAY MARCH 25

Close Search Box
Top Tech News
NETWORK SECURITY
Microsoft Issues Updated Excel Patches
Posted January 19, 2007
Microsoft Issues Updated Excel Patches
Next Story
EARLIER
Phisher Faces 101 Years of Prison Time
THIS STORY
Microsoft Issues Updated Excel Patches
Next Story
LATER
Retail Giant TJX Discloses Massive Data Breach
YOU ARE HERE:   HOME arrow NETWORK SECURITY arrow THIS STORY
NEWS OPS

By Jennifer LeClaire. Updated January 19, 2007 9:41AM

SHARE

ALSO SEE

As Windows users await the release of Office 2007, Microsoft is cleaning up some old vulnerability issues with Excel. On Thursday, Microsoft issued a new set of patches to fix several remaining flaws in the popular spreadsheet application.

The software giant had initially released a security update on January 9 to patch five critical bugs in Excel. That version of the update did indeed protect against the security issues, according to Christopher Budd of Microsoft's Security Response Center.

But after the release, Microsoft discovered that "the update did not correctly process the phonetic information that is embedded in files that are created by using Excel in the Korean, Chinese, or Japanese executable mode," Budd wrote in a blog posting.

Immediate Issue

Microsoft is advising users running Excel 2000 to install the new update, which is being distributed through the company's regular software update channels.

What this all means is that users who installed the first version of the patch last week will discover that they might not be able to open some Excel documents if the software's "executable mode" is configured for Korean, Japanese, or Chinese. (Some versions of Excel 2000 support certain Asian languages by default.)

An attacker who successfully exploited the most severe of the vulnerabilities that these patches are designed to fix could take complete control of an affected system, according to Microsoft. The attacker could remotely install programs, view, change, or delete data, and even create new accounts with full user rights, Redmond warned.

Disturbing Trend

Security researchers said the rerelease of the Excel patch is an indication that Microsoft is doing what it can in light of the disturbing trend of hackers who continue to look for new ways to leverage exploits.

"Once hackers find a vulnerability, they look to exploit the same issue from a variety of different angles," said Ken Dunham, a senior engineer with VeriSign iDefense.

Dunham pointed to the recent Vector Markup Language (VML) vulnerabilities in Microsoft's Internet Explorer as a prime example of this trend. Attackers developed many variants of the malicious software designed to capitalize on the flaw.

"Even when you come up with a fix, there may still be related vectors," Dunham stressed. "If you look all the way back to Slammer, we learned a hard lesson there where the SQL vulnerability was embedded in a variety of different applications, not just the one everybody expected," he said, referring to the Slammer worm that wreaked havoc on enterprise networks, infecting thousands of computers each second.

Tell Us What You Think
Comment:

Name:

MORE IN NETWORK SECURITY

Next Article >

INSIDE TOP TECH NEWS NETWORK SITES SERVICES BENEFITS