News

Microsoft Releases Patch to Fix Excel Files

Microsoft has released a patch that eliminates two vulnerabilities in Excel 97 and 2000 that could allow macros to be run without warning under certain conditions.

The primary vulnerability addressed by this patch involves Excel Symbolic Link (SYLK) files. These files can contain macros, and if such a file were opened in Excel 97 or 2000, the macro could run without asking for the user's permission. These macros could take any action on the user's computer that the user could take.

The patch also deals with a vulnerability involving how Excel 97 imports macros created by Lotus 1-2-3 or Quattro Pro. When such a macro is imported, Excel 97 runs it without asking the user's permission. These macros could be used to delete files on the user's computer, but could take no other action.

The vulnerabilities affect Microsoft Excel 97, shipped alone or as part of Office 97 and Excel 2000, shipped alone or as part of Office 2000. The patch is currently available at http://officeupdate.microsoft.com/downloadDetails/Xl8p7pkg.htm for Excel 97 and at http://officeupdate.microsoft.com/2000/downloadDetails/XL9p1pkg.htm for Excel 2000.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • The 2022 Microsoft Product Roadmap

    Microsoft has a lot in the docket for 2022, including new products like SQL Server 2022, Exchange Subscription Edition and Visual Studio 2022 for Mac.

  • Report: IT Budgets To Increase Despite Slowdown in Hiring

    A newly published annual report found that 51 percent of IT departments are planning to increase their IT spending next year, even in the face of a possible recession.

  • Microsoft Bolsters 'Employee Experience' with Latest Viva Apps

    Microsoft's Viva suite is getting new apps and enhancements, according to an announcement made on Thursday.

  • Microsoft Releases Windows 11 Version 22H2

    The latest version of Windows 11, known as "version 22H2," officially has been released.