Microsoft has offered users tips on how to avoid falling victim to a critical bug in its Excel spreadsheet software.
But the company has yet to issue a fix for the vulnerability, which has to do with the way that Excel uses computers’ memory. The company said an update is on the way for the bug that Microsoft found out about when hackers launched an attack against one of its customers using the vulnerability, which occurs in numerous versions of the spreadsheet software, including Excel 2000, Excel 2002 and Excel 2003.
The flaw could be exploited to run unauthorised software on a Windows PC, but for this to happen attackers would first need to either trick an Excel user into visiting a malicious website or to open a malicious Excel attachment.
Advanced Windows users can block the vulnerability by editing their registry settings or by setting up their email gateway to block Excel attachments. An alternative solution is to cut down on the risk by avoiding Excel documents sent from untrusted sources.
The bug is the latest in a plague of security headaches for Microsoft, including the issuing of a series of security updates in June that included 12 patches, and coping with a hack attack that shut down part of the company's French website and taking advantage of a misconfigured server at the software vendor's web hosting provider.
It’s not been a good few weeks for Microsoft on the security front, after a relatively quiet
beginning of the year. It seems the harder it tries, the more sophisticated and professional the attacks. And that’s before Vista arrives!