News

Microsoft Releases Patch to Fix Excel Files

Microsoft has released a patch that eliminates two vulnerabilities in Excel 97 and 2000 that could allow macros to be run without warning under certain conditions.

The primary vulnerability addressed by this patch involves Excel Symbolic Link (SYLK) files. These files can contain macros, and if such a file were opened in Excel 97 or 2000, the macro could run without asking for the user's permission. These macros could take any action on the user's computer that the user could take.

The patch also deals with a vulnerability involving how Excel 97 imports macros created by Lotus 1-2-3 or Quattro Pro. When such a macro is imported, Excel 97 runs it without asking the user's permission. These macros could be used to delete files on the user's computer, but could take no other action.

The vulnerabilities affect Microsoft Excel 97, shipped alone or as part of Office 97 and Excel 2000, shipped alone or as part of Office 2000. The patch is currently available at http://officeupdate.microsoft.com/downloadDetails/Xl8p7pkg.htm for Excel 97 and at http://officeupdate.microsoft.com/2000/downloadDetails/XL9p1pkg.htm for Excel 2000.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Expands Azure AD Password Lengths, Adds Conditional Access Controls

    Microsoft announced a couple of Azure Active Directory enhancements this week regarding password lengths and new conditional access controls for IT pros.

  • Attack Surface Analyzer 2.0 Available for Checking Software Installs

    Microsoft this week described Attack Surface Analyzer 2.0, an updated tool for checking software installations that's now built using open source code.

  • What Causes Hyper-V Replication Failures?

    Hyper-V replication failures happen rarely, but their impact can be catastrophic when they do. Know the scenarios that are likely to trigger a replication failure.

  • Microsoft Touts Using HyperClear To Address Intel Processor Woes

    Microsoft is again promoting its HyperClear Hyper-V hypervisor technology as a potential balm for organizations trying to come to grips with Intel's latest speculative execution side-channel attack disclosures.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.