Microsoft Issues Updated Excel Patches
As Windows users await the release of Office 2007, Microsoft is cleaning up some old vulnerability issues with Excel. On Thursday, Microsoft issued a new set of patches to fix several remaining flaws in the popular spreadsheet application.
The software giant had initially released a security update on January 9 to patch five critical bugs in Excel. That version of the update did indeed protect against the security issues, according to Christopher Budd of Microsoft’s Security Response Center.
But after the release, Microsoft discovered that “the update did not correctly process the phonetic information that is embedded in files that are created by using Excel in the Korean, Chinese, or Japanese executable mode,” Budd wrote in a blog posting.
Immediate Issue
Microsoft is advising users running Excel 2000 to install the new update, which is being distributed through the company’s regular software update channels.
What this all means is that users who installed the first version of the patch last week will discover that they might not be able to open some Excel documents if the software’s “executable mode” is configured for Korean, Japanese, or Chinese. (Some versions of Excel 2000 support certain Asian languages by default.)
An attacker who successfully exploited the most severe of the vulnerabilities that these patches are designed to fix could take complete control of an affected system, according to Microsoft. The attacker could remotely install programs, view, change, or delete data, and even create new accounts with full user rights, Redmond warned.
Disturbing Trend
Security researchers said the rerelease of the Excel patch is an indication that Microsoft is doing what it can in light of the disturbing trend of hackers who continue to look for new ways to leverage exploits.
“Once hackers find a vulnerability, they look to exploit the same issue from a variety of different angles,”…
