http://www.vnunet.com/vnunet/news/2212451/microsoft-issues-security By Shaun Nichols in California vnunet.com 20 March 2008 Microsoft has issued an update for a flaw previously addressed in Excel, admitting that the patch caused errors. The company patched the 'critical' flaw in last week's Patch Tuesday release, but the update caused Excel to encounter a new performance problem. Microsoft acknowledged that the vulnerability could allow an attacker to remotely execute code on the target system. The flaw lies in the way Excel files are processed and could allow an attacker to remotely assume control of a user's system, including the ability to execute malicious code. The update was rated 'critical' for Microsoft Office 2000, and 'important' for Office XP, 2003, 2007 and the Mac versions of Office 2004 and 2008. "The original version released on 11 March did fully protect against the security issues discussed in the bulletin," Microsoft spokesman Tim Rains said in a blog posting. "However, after release we discovered that the security update caused a calculation error in Microsoft Excel 2003 when a Real Time Data source was used in a user-created Visual Basic for Applications solution (in other words a custom-built VBA function)." On installing the update, users encountered a 'Real Time Data' error when attempting to use the component with Office's Visual Basic for Applications software. Users can obtain the update through Microsoft's Automatic Update. ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Fri Mar 21 2008 - 00:34:58 PST