Office vulnerability that affects Macs and Windows
Apr 1, 2009 8:20:42 GMT
Post by CharlieChomper on Apr 1, 2009 8:20:42 GMT
For anyone here who is running Microsoft Office, it may interest you to know that there is a vulnerability with a file format associated with it (more specifically, with Excel) which Microsoft so far appears unlikely to address, along with three other outstanding vulnerabilities which they have known about since April of last year, December, and late February/early March.
Microsoft is downplaying the Excel vulnerability, despite the fact that it appears the maliciously-minded are already exploiting it.
This appears to not only affect those running Office in Windows, but running it on Macs as well as it is a file format-specific exploit as opposed to operating system-related.
For those who rely upon Excel, a current workaround involves blocking Excel files from opening (in Windows, this will require going into the registry and doing a bit of editing) or alternatively (although, the effectiveness of this remains in question as the vulnerability targets and was designed more with Excel2007 and 2008 in mind), running Excel 2003 documents through the Microsoft Office Isolated Conversion Environment (which the company launched in an attempt to remove exploitable coding).
If you're running an older version of Office or Excel, you should not be affected by this problem.
Microsoft is downplaying the Excel vulnerability, despite the fact that it appears the maliciously-minded are already exploiting it.
This appears to not only affect those running Office in Windows, but running it on Macs as well as it is a file format-specific exploit as opposed to operating system-related.
For those who rely upon Excel, a current workaround involves blocking Excel files from opening (in Windows, this will require going into the registry and doing a bit of editing) or alternatively (although, the effectiveness of this remains in question as the vulnerability targets and was designed more with Excel2007 and 2008 in mind), running Excel 2003 documents through the Microsoft Office Isolated Conversion Environment (which the company launched in an attempt to remove exploitable coding).
If you're running an older version of Office or Excel, you should not be affected by this problem.
