New Microsoft Patch To Fix Excel Vulnerability
On March 19, 2008, Microsoft had to release a new patch for an Excel
flaw, after acknowledging that it had caused calculation faults in
programs applying Microsoft Office's Visual Basic for Applications
(VBA), according to the Microsoft officials.
Microsoft admitted that the flaw could permit a hacker to remotely run
a program on the victim computer. The vulnerability exists in the
method in which Excel files are executed and could permit a hacker to
remotely control a customer's computer along with the capacity to run
This security update, MS08-014, was ranked 'critical' for users of
Microsoft Excel 2000 and was rated 'important' for users of Microsoft
Office XP, Excel 2003, 2007 and Microsoft Office 2004 and 2008 for Mac.
The update was expected to address the zero-day vulnerability in
Microsoft Excel that lures customers to open malevolent Excel files.
As per Microsoft, Service Pack (SP) 1 and 2 of Excel 2003 were infected
along with Excel 2000, 2002 and 2003 variants, even though Excel 2007
and Excel 2003 SP3 customers were not compromised.
Tim Rains, Microsoft Spokesman, said that he new version issued on
March 11, 2008 offered total safety against the security problems
mentioned in the statement. But, after issuing the update it was found
that the security modifications produced a calculation flaw in
Microsoft Excel 2003 whenever a Real Time information source was
utilized in a user-produced VBA solution (or a customized VBA
function), as reported by Vnunet on March 20, 2008.
After deploying the update, customers faced a 'Real Time Data' flaw
while trying to utilize the section containing Office's Visual Basic
for Applications program. Real Time Data, which was introduced in a
previous edition of Excel, allows customers to automatically put
information into a database from a range of sources, comprising
different sites also.
Thus, experts at Microsoft are alerting the end users to protect their
systems with some dependable security code and update frequently so
that these kinds of flaws do not infect their computers.
What is more, Excel hasn't encountered these calculation errors for the
first time. In 2007, Microsoft was compelled to provide a patch for a
flaw that made Excel 2007 to create major multiplication omissions.
Related article: New Zealand Releases Code To Reduce Spam
» SPAMfighter News - 3/27/2008