Skip to main content

Gold’en Rant : Microsoft, Excel and its failure to patch

I was distinctly unimpressed when I read about reports of hackers using older versions of Microsoft Excel to take over punter’s PC remotely.

It seems that Microsoft has announced it has received reports from users that Excel 2004 (PC and Mac flavours), Excel 2004 Viewer, Excel 2003 SP2, Excel 2002 and Excel 2000 have the security flaw.

Microsoft is reported to mulling whether the patch the flaw.

The flaw allows hackers to create an Excel file and send it as an email attachment or as a Web page auto-download, and take it from there.

But hang on a minute - this security flaw sounds. And so it - it was also reported early last year as a problem, yet Microsoft has done nothing to patch the software.

This time around Microsoft says that punters can protect their PCs using a tool called Microsoft Office Isolate Conversion Environment that scans a file before it is opened.

Does Microsoft seriously expect its Excel users to load and use this utility every time they access the Web or receive an email attachment?

And what about Apple Mac users of Excel 2004? What are they supposed to do?

Microsoft says that users of Excel 2007 and 2008 are “not thought to be affected” by the flaw.

Well, whoopee and thanks for Microsoft. Thanks a bunch guys (an Excel 2000 user writes…)