Microsoft updates Excel security patch

Microsoft updates Excel security patch
Microsoft updates Excel security patch 

By Shaun Nichols in California
20 March 2008

Microsoft has issued an update for a flaw previously addressed in Excel, 
admitting that the patch caused errors.

The company patched the 'critical' flaw in last week's Patch Tuesday 
release, but the update caused Excel to encounter a new performance 

Microsoft acknowledged that the vulnerability could allow an attacker to 
remotely execute code on the target system.

The flaw lies in the way Excel files are processed and could allow an 
attacker to remotely assume control of a user's system, including the 
ability to execute malicious code.

The update was rated 'critical' for Microsoft Office 2000, and 
'important' for Office XP, 2003, 2007 and the Mac versions of Office 
2004 and 2008.

"The original version released on 11 March did fully protect against the 
security issues discussed in the bulletin," Microsoft spokesman Tim 
Rains said in a blog posting.

"However, after release we discovered that the security update caused a 
calculation error in Microsoft Excel 2003 when a Real Time Data source 
was used in a user-created Visual Basic for Applications solution (in 
other words a custom-built VBA function)."

On installing the update, users encountered a 'Real Time Data' error 
when attempting to use the component with Office's Visual Basic for 
Applications software.

Users can obtain the update through Microsoft's Automatic Update.

Subscribe to InfoSec News 

Site design & layout copyright © 1986-2015 CodeGods