Excel holes patched in March security update

Posted by John Stokdyk PM | on Thu, 11/03/2010 - 16:06  1392  2 comments

March seems to be Excel month in Microsoft’s “patch Tuesday” calendar, with seven vulnerabilities patched this week in the spreadsheet program, and another six addressing the Office Excel Viewer, Office Compatibility Pack and SharePoint Server.

The company also acknowledged a so called zero-day flaw in its Internet Explorer browser. The latest version, Internet Explorer 8, is not affected, the company said. The weak spot means that someone using the browser could be vulnerable to a malware download if they visit a website designed to exploit it. According to some security analysts, this technique was used to stage the concerted attacks on Google’s Chinese operations in January.
 
The Excel vulnerabilities were all classed as “Important” rather than “Critical” because they require the user to open an infected spreadsheet file – now a two-step process. The fixes apply to all versions of Excel from the 2002 edition onwards and include the Excel Viewer and Office Compatibility Pack. The Excel 2004 and Office 2008 Mac versions are affected as is the Open XML File Format Converter for Mac.

The Excel Services component within Microsoft Office SharePoint Sever 2007 is also vulnerable, requiring four more individual updates.

As well as not opening unsolicited spreadsheet attachments, Excel users and their system managers are urged to download and apply the patches as soon as possible, if this is not already done by Microsoft’s automatic Windows Update system.

Tags
security
Technology
Excel
More like this
Comments

What if already "infected"

Ian_mcdonald | Fri, 12/03/2010 - 16:24 | Permalink

-- Ian McDonald IML Interim Management Ltd Finance~Accounting~Systems http://www.i-m-l.org

I unwittingly opened an excel spreadsheet email attachment (a price list from a Chinese IT supplier) whilst using Outlook.  I then simply looked at the content and closed the file and deleted the email.  I did not reply to the email.  I also did not notice my computer do anything unusual.

I now receive a lot of similar emails from similar suppliers, which leads me to suspect they somehow know I opened their file, and my email address - is that possible, or am I being paranoid?

BTW - I do not normally open unsolicited attachments, this was the first and has been the last.

My virus scans do not report any problems.

Do the common virus scanners find and fix the effects of the Excel vunerabilities?

They know.

supremetwo | Fri, 12/03/2010 - 16:37 | Permalink

they somehow know I opened their file, and my email address - is that possible, or am I being paranoid?

Yes. It applies to any email with linked objects and pictures and a 'picture' may just be a pixel.

Mailwasher gets around this, enabling you to delete emails at the ISP server.

http://www.mailwasher.net/

 

 

Related links
Rebecca Benneyworth & Intuit deliver RTI Implementation Gripes: free whitepaper