Brought to you by
Share this content

Critical Security Issue facing Excel users

11th Nov 2021
Brought to you by
Share this content

Background /What has happened?

Microsoft have identified a security issue “that is being currently exploited” relating to Excel spreadhsheets.

KeyPay has learned about this from the Australian Cyber Security Centre and more information can be found here.

Here is a short extract:

A vulnerability (CVE-2021-42292) has been identified in locally installed versions of Microsoft Excel which allows a cyber actor to bypass a key security control. A cyber actor could use a malicious Microsoft Excel spreadsheet to exploit this vulnerability. This malicious document would then likely be used as part of a spearphishing campaign.

There is no indication that the Microsoft hosted Office365 Excel product is affected.

Microsoft has identified that this vulnerability is currently being exploited.

Obviously, the information remains applicable for the UK as much as Australian users, but the phone numbers for more information are not going to be applicable.

If you want to check which Excel versions are affected (and access the security patches), then you can do that via this link.

At the time of writing, there is no security patch available for Mac users - but that will presumably come.

It probably goes without saying that it’s always good practice not to open up any spreadsheets from unknown sources.

KeyPay is a fully cloud payroll software that saves practices time via high levels of automation and full-API integrations with the likes of Xero, Quickbooks and Freshbooks (amongst others), while providing enhanced data security.  Find out more at or start your free trial at