Bugs and Fixes: Plug Dangerous Holes in Word, Excel

Bad guys have four new ways to target Microsoft's Office products.

If you keep putting off installing security patches, now would be an excellent time to stop procrastinating and take some action: Microsoft recently released cumulative patches for the 2000 and 2002 versions of Excel and Word.

The patches include all previous fixes for those two programs, as well as patches for four newly discovered security bugs (three in Excel and one in Word). Although Microsoft classifies these recent bugs as "moderate" on its severity scale, don't let that lull you into complacency. They can still give you a nasty bite.

To be fair, crackers haven't exploited any of these new holes--yet. But an attack that exploits any of the four flaws could give a miscreant the ability to wreak havoc on your system (such as stealing your data or reformatting your hard drive) and even the ability to do anything you can do on your own computer.

Stop Macro Attacks

The three bugs that are lurking in Excel involve the spreadsheet's ability to run user-defined macros. These handy programs are stored as part of a workbook and can do things like automate repetitive keystrokes or regenerate a table of monthly payments after you've changed the interest rate in a loan application.

In order to mount a successful assault, an attacker would need to either send you an Excel workbook as an e-mail attachment and induce you to open it or get you to download an Excel workbook from the Web that you then open on your machine. The harmful code can be hidden inside macros, in HTML scripts embedded in a workbook, or in a workbook that contains a hyperlink to the attacker's Web site.

Ordinarily, security code in Excel ensures that macros don't do anything sneaky. Unfortunately, in these three important cases, Microsoft's programmers overlooked ways around Excel's macro safeguards.

Mail-Merge Hole

The latest Word flaw is a variant of a bug Microsoft thought it had fixed in 2000. In this case, an attacker would need to either send you a Word mail-merge file saved in HTML format or persuade you to click a Web link to it. If you have Microsoft's Access database software on your machine, when you open the file in Word the attacker's code would execute in Access. A clever cracker could then completely take over your PC with predictably awful results. Visit Microsoft TechNet for both cumulative patches.

Windows Media Player Security Fix

Speaking of cumulative patches, Microsoft just released one for Windows Media Player. The patch handles all old holes in the player for Windows XP, as well as in versions 6.4 and 7.1 of the software. It also fixes three new security bugs that could give a villain control of your PC--Microsoft rates them as "critical" on its severity scale. The first hole is related to how WMP handles licenses for secure media under its digital rights management system. The second is a flaw in how the active playlist is stored. And the third involves the way WMP handles access to local storage devices. Visit Microsoft TechNet to get the patch.

In Brief

Fix for PGP Glitch

Network Associates released a plug for a security hole in its Pretty Good Privacy e-mail encryption plug-in for Microsoft Outlook. The PGP Hotfix patches PGP Desktop Security 7.0.4, PGP Personal Security 7.0.3, and PGP Freeware 7.0.3.

Three Blind Mice

Microsoft says that a small percentage of its Wheel Mouse Optical, IntelliMouse Explorer, and IntelliMouse Optical mice may stop functioning properly. Symptoms include the cursor freezing and buttons failing to respond. If your faulty mouse is still under warranty, Microsoft will replace it for free.

Bugged?

Found a hardware or software bug? Tell us about it via e-mail at bugs@pcworld.com.

Stuart J. Johnston is a contributing editor for PC World.
