By Shaun Nichols in California
20 March 2008
Microsoft has issued an update for a flaw previously addressed in Excel,
admitting that the patch caused errors.
The company patched the 'critical' flaw in last week's Patch Tuesday
release, but the update caused Excel to encounter a new performance
Microsoft acknowledged that the vulnerability could allow an attacker to
remotely execute code on the target system.
The flaw lies in the way Excel files are processed and could allow an
attacker to remotely assume control of a user's system, including the
ability to execute malicious code.
The update was rated 'critical' for Microsoft Office 2000, and
'important' for Office XP, 2003, 2007 and the Mac versions of Office
2004 and 2008.
"The original version released on 11 March did fully protect against the
security issues discussed in the bulletin," Microsoft spokesman Tim
Rains said in a blog posting.
"However, after release we discovered that the security update caused a
calculation error in Microsoft Excel 2003 when a Real Time Data source
was used in a user-created Visual Basic for Applications solution (in
other words a custom-built VBA function)."
On installing the update, users encountered a 'Real Time Data' error
when attempting to use the component with Office's Visual Basic for
Users can obtain the update through Microsoft's Automatic Update.
Subscribe to InfoSec News