We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,812 News Articles

Protect yourself from the Excel bug

Update in the works, says Microsoft

Microsoft yesterday offered users advice on how to protect themselves from the critical bug in Excel.

The company stopped short of issuing a fix for the vulnerability, which has to do with the way that Excel uses the computer's memory, but it said that such an update is in the works.

In the meantime, Microsoft offered users a handful of workarounds to mitigate their risk. They were published yesterday in a security advisory.

Reports of the vulnerability first began circulating late last week, when Microsoft said that hackers had launched a targeted attack against one of its customers using the vulnerability. The flaw could be exploited to run unauthorised software on a Windows PC, but for this to happen, attackers would first need to either trick an Excel user into visiting a malicious website or opening a malicious Excel attachment.

The bug exists in many versions of the spreadsheet software, including Excel 2000, Excel 2002 and Excel 2003, the advisory states.

Advanced Windows users can block the vulnerability by editing their registry settings or by setting up their email gateway to block Excel attachments, Microsoft said. Users can also cut down on the risk by simply avoiding Excel documents that are sent from untrusted sources.

Microsoft is testing a security patch that fixes the problem, but a spokeswoman for the company's public relations agency could not say whether it would be released as part of the company's next round of security updates, expected 11 July.

Microsoft's security researchers have been busy over the past week. The Excel bug is being patched just days after the June security updates, which included 12 patches. Microsoft researchers spent yesterday investigating a hack that shut down part of the company's French website.

Both Microsoft and security vendor Symantec say that the vulnerability is being used in small-scale, targeted attacks and has not yet been seen in any widespread malware.

An unofficial FAQ on the vulnerability, with more details on the malware that exploits it, can be found here.


IDG UK Sites

45 Best Android games: top Android games for your smartphone or tablet in 2014 (24 are free!)

IDG UK Sites

How Apple, Adobe, Microsoft and others have let us down over UltraHD and hiDPI screens

IDG UK Sites

Do you have the X-Factor too? Mix Off app puts fans in the frame

IDG UK Sites

iPad Pro release date, rumours and leaked images - 12.9 screen 'coming in 2015'