MS Excel Security Leaks Becoming Flood

Dennis Faas's picture

Users of Excel's immensely popular spreadsheets are increasingly having to look over their shoulder.

Insiders are today reporting that a new security leak -- for the third this month -- has been discovered within the program. Excel 2000, 2002, 2003 and Office 2000, XP and 2003 are all affected, and the fallout is driving accountants into the fetal position.

The most recently reported flaw allows attackers to carry out their own commands by convincing a user that a repair is needed on a specific file. Once that file is opened, hackers can do what they wish to an affected users' system.

Caught off guard (perhaps unsurprisingly), Microsoft has stated that they are investigating such attacks, but were completely unaware that such threats even existed. (Source: zdnet.com)

This is hardly the first security issue facing Excel users.

In late June an attack code was released, creating a file that, when opened, caused Excel to crash. Much like the most recent threat, there was a chance that such a file could allow a hacker to commandeer a PC itself. The third and final Excel crack to have been discovered in the last month also provided the opportunity for an intruder to take complete control of a user system. Microsoft was unprepared for these cracks, as well, but have set up the following website to address such issues: microsoft.com)

According to those familiar with the cracks, the security bypass exists because Excel cannot effectively verify user-supplied input prior to formatting it to an insufficiently sized memory buffer.

Excel 2003 and XP were most vulnerable to the late June attack, but as stated, almost all versions are affected by the issue reported today. (Source: news.com)

Security is certainly the buzzword around Microsoft these days, as technicians attempt to repair hacks like these and lawyers prepare to defend the Windows Genuine Advantage.

Rate this article: 
No votes yet