Microsoft offers guidance on Excel bug
Microsoft on Monday offered users a few tips on how to avoid falling victim to a critical bug in its Excel spreadsheet software.
Microsoft stopped short of issuing a fix for the vulnerability, which has to do with the way that Excel uses the computer's memory, but the company said that such an update is in the works.
In the meantime, Microsoft offered users a handful of workarounds to mitigate their risk. They were published Monday in a security advisory. http://www.microsoft.com/technet/security/advisory/921365.mspx
Reports of the vulnerability first began circulating late last week, when Microsoft said that hackers had launched a targeted attack against one of its customers using the vulnerability. The flaw could be exploited to run unauthorized software on a Windows PC, but for this to happen, attackers would first need to either trick an Excel user into visiting a malicious Web site or to open a malicious Excel attachment.
The bug exists in many versions of the spreadsheet software, including Excel 2000, Excel 2002 and Excel 2003, the advisory states.
Advanced Windows users can block the vulnerability by editing their registry settings or by setting up their e-mail gateway to block Excel attachments, Microsoft said. Users can also cut down on the risk by simply avoiding Excel documents that are sent from untrusted sources.
Microsoft is testing a security patch that fixes the problem, but a spokeswoman for the company's public relations agency could not say whether it would be released as part of the company's next round of security updates, expected July 11.
Microsoft's security researchers have been busy over the past week. The Excel bug is being patched just days after the June security updates, which included 12 patches. Microsoft researchers also spent Monday investigating a hack that shut down part of the company's French Web site.
Both Microsoft and security vendor Symantec say that the vulnerability is being used in small-scale, targeted attacks and has not yet been seen in any widespread malware.
An unofficial Frequently Asked Questions on the vulnerability, with more details on the malware that exploits it, can be found here: http://blogs.securiteam.com/?p=451
Click here for case studies, whitepapers and other useful vendor content 
ARN Panel Sessions: Day 3The last of our panel sessions recorded live at CeBIT 2008. Today, the topic is storage. Data is growing at an enormous rate, so what does the future hold?
Weekly Tech News Update: 21st November 2008Yahoo's CEO says goodbye, Intel introduces a new processor, and robots run wild. All that news and more on this week's World Tech Update
Electronic voting in U.S. electionDoubts about voting machines are lingering in the minds of many Americans as they head to the polls.
When an IT disaster occurs, how handy it would be to push a button and start again as if nothing had happened.
Discover and learn more about CA XOSoft today.
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 20 November, 2008 17:34:00
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 20 November, 2008 12:06:00
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 20 November, 2008 12:04:00
NetApp Named 2008 Citrix Ready Solution of the Year by Citrix Systems 20 November, 2008 11:33:00
Extreme Networks Ethernet Transport lowers total cost of ownership for carrier metro networks 20 November, 2008 10:21:00
V/Line and Oakton use Microsoft SQL Server 2008 to develop an Executive HR Dashboard
With the help of Oakton, V/Line - Victoria's regional public transport provider - utilised Microsoft SQL Server 2008 to develop an Executive HR Dashboard report.
Buying Guides
