Microsoft Issues and Re-Issues Patches For Excel Holes
Microsoft has re-released a security patch in Excel that was issued earlier in January 2007. The re-release happens after the earlier update resulted in failure of opening some Excel 2000 documents.
Microsoft found a security flaw in its Excel program that would enable malicious software to acquire control of a computer and modify data or install other downloadable malware.
A problem arose while issuing the fix. In certain instances it was not possible to open files in any Excel version when the executable mode was set to Korean, Japanese or Chinese at the time of creating the files. The problem was a result of the manner Excel 2000 processes Asian letters.
A company software developer had released the MS07-002 update on Tuesday January 9, 2006 within its monthly patch bulletin. The update took care of vulnerabilities in Excel that the company rated as "critical", which could allow an attacker to execute code on a target PC from a remote location.
The original version of the security update developed for Excel 2000, safeguards from all flaws mentioned in the security bulletin. However, it cannot appropriately process the information the characters intend to impart, the characters that create files using Excel in Chinese, Korean or Japanese executable mode, said a spokesperson of Microsoft on January 17, 2007 through TechWeb.
Microsoft has handled the problem in its re-issue of MS07-002 and now it exists only potentially to affect users of Excel 2000. The later Excel versions in Office XP and Office 2003 are not disturbed.
Microsoft rated five Excel holes initially as "critical" and later "important" that it patched via version 2.0 of MS07-002 security bulletin. The company has posted the patch on its support site that is available in Microsoft Update, Windows Update and its other official distribution channels.
The January patch cycle of four security updates comprised fixes for ten vulnerabilities, seven of which Microsoft rated as "critical".
Microsoft has history of problems with quality control over patches. In October 2006 it was forced to re-issue an update for Windows 2000. Earlier in August out of its twelve updates the company re-issued three, and one was re-released thrice.
Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails
» SPAMfighter News - 22-01-2007