Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theater
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
Microsoft Warns of New Security Issues in PowerPoint, Excel
Company offers patch to prevent vulnerability to malicious macros.
Jaikumar Vijayan, Computerworld
Microsoft is warning users about a security hole in its popular Excel and PowerPoint software that could let malicious attackers take control of their computers.
The vulnerability affects Microsoft Excel 2000 and 2002 for Windows and PowerPoint 2000 and 2002 for Windows, as well as various versions of the software for the Macintosh platform, according to an advisory the company posted Thursday.
Patches for the affected software are available immediately and should be applied as soon as possible, Microsoft says.
Macro Vulnerability
The vulnerability exists in the way macros are detected in PowerPoint and Excel documents, according to the company.
Macros are basically small pieces of code in applications such as PowerPoint and Excel that automate certain tasks, such as finding and replacing text, on behalf of the user.
In the past, attackers have created malicious macros capable of deleting or changing files or moving them to different locations, and have hidden the code in PowerPoint and Excel documents.
To deal with this threat, Microsoft has for some time included a functionality in both applications that scans for the presence of macros in all PowerPoint and Excel documents. The feature alerts users if a macro is detected, allowing the user to decide whether to permit the macro to be executed.
Undermining Protection
The latest vulnerability lets users create PowerPoint and Excel documents that skirt this protection, allowing macros to execute automatically without user permission, says Motoaki Yamamura, a senior development manager with Symantec's security response team.
As a result, a cracker could create and send PowerPoint and Excel documents that, when opened, would cause malicious code to run in the background without the victim's knowledge.
Because users aren't alerted to the presence of a macro in such malformed documents, "They might feel secure, when in reality they are not," Yamamura says.
It would require an attacker with a good understanding of the software and how Microsoft file formats are structured to exploit the hole, Yamamura says.
The vulnerability was first brought to Microsoft's notice about two months ago by Symantec.
News of the latest hole comes, ironically enough, one day after Microsoft rolled out a company-wide program called Strategic Technology Protection Program, which it says is designed to make it easier for corporations to secure their Windows environments.
For more enterprise computing news, visit Computerworld. Story copyright © 2007 Computerworld Inc. All rights reserved.
Save on Printing Costs
Top Selling Laptops
Dell Fast Track
-
Free Next Day Business Shipping on Dell's Most Popular Systems Over 35% off Dell’s most popular systems. Delivered in 48 hours with free next business day shipping! Ends 12/22 at 3 PM CST
People who read this also read:
Best Prices on Antivirus Software
Norton Antivirus 2010 (Full Product, 1 User)Price: $17.90
Anti-virus 2010 (OEM Product, 1 User)Price: $21.62
AntiVirus 2010 (Full Product)Price: $24.95
Norton AntiVirus 2009 (Full Product)Price: $16.89
Anti-Virus 2009 (Full Product)Price: $15.04
Norton Antivirus 2010 (Full Product, 3 Users)Price: $41.00
-
Lenovo Laptop Showcase Find out how Lenovo IdeaPads and Thinkpads balance performance and portability. Visit the Lenovo Resource Center for more info...
