Microsoft Releases Patch to Fix Excel Files
- By Scott Bekker
Microsoft has released a patch that eliminates two vulnerabilities in Excel 97 and 2000 that could allow macros to be run without warning under certain conditions.
The primary vulnerability addressed by this patch involves Excel Symbolic Link (SYLK) files. These files can contain macros, and if such a file were opened in Excel 97 or 2000, the macro could run without asking for the user's permission. These macros could take any action on the user's computer that the user could take.
The patch also deals with a vulnerability involving how Excel 97 imports macros created by Lotus 1-2-3 or Quattro Pro. When such a macro is imported, Excel 97 runs it without asking the user's permission. These macros could be used to delete files on the user's computer, but could take no other action.
The vulnerabilities affect Microsoft Excel 97, shipped alone or as part of Office 97 and Excel 2000, shipped alone or as part of Office 2000. The patch is currently available at http://officeupdate.microsoft.com/downloadDetails/Xl8p7pkg.htm for Excel 97 and at http://officeupdate.microsoft.com/2000/downloadDetails/XL9p1pkg.htm for Excel 2000.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.