Microsoft still left Excel open
Security experts warned that there are still two dangerous security flaws in Microsoft Excel that have not been fixed by Microsoft in the last security update.
Meanwhile, the malicious code proved to be able to exploit the above security flaws has been widely distributed on the Internet. Microsoft recommends that users be careful when opening a file sent from an unknown source.
One of the two security flaws mentioned above is actually a security error in Windows but is exploited via Excel. This is a security bug that can be exploited to execute malicious code remotely and is classified as "extremely dangerous".
Christopher Budd, an expert at MSRC (Microsoft Security Response Center), said the security path above is actually a boundary error that exists in a component called "hlink.dll" of the Windows operating system. This path usually causes buffer overflow if an Excel user clicks on a URL link in a malicious Excel file.
" We are still investigating this security bug further ," Budd said in a recent interview. " After the official investigation conclusions, we will take the necessary steps to protect users ."
This security error has been confirmed to affect primarily Microsoft Excel 2003 SP 2 versions on the Windows XP SP 2 platform fully installed with patches. Some other versions of the bug include Microsoft Office 2000, Excel Viewer 2003, Excel 2003, Excel 2002, Excel 2000, Microsoft Office 2003 Professional Edition, Microsoft Office 2003 and Microsoft Office XP.
The MSRC confirms that hackers can only exploit the above security error if tricked by the user opening a malicious Excel file and clicking on a linked file in that file. The MSRC has not found a way to exploit this security bug beyond the aforementioned path.
Budd experts also affirmed that another patch in Excel has not yet been patched to affect some Microsoft Office language versions. This is also a buffer overflow error that could allow hackers to execute binary code through a dangerous Excel file.
However, this expert also confirmed that Microsoft is conducting further investigation on the cause of this security error before officially making a remedy. Security firm Secunia also classified this security bug to the "extremely dangerous" level.
Microsoft recommends that users update security patches that have just been released as soon as possible.
Hoang Dung
- 5 best alternatives for Microsoft Excel
- Get familiar with Microsoft Excel
- Use old versions of Office to open and save files created by Office 2007
- Excel again in danger of being attacked?
- Microsoft acknowledges Excel's error
- Detects the third vulnerability in Microsoft Excel
- Excel paintings are amazing
- Excel 2007 also calculates the wrong results
- Add a security error that threatens MS Excel
- Open source - 10 things Microsoft loves and hates
- Hackers start exploiting new Excel errors
- Microsoft upgraded Office Compatibility Pack