Critical Excel vulnerability features in July's 'patch Tuesday'
Excel 2007 featured in the security updates issued by Microsoft on July 10, the traditional second Tuesday scheduled for the company's monthly bulletins.
The Excel vulnerability could allow malicious code to be downloaded and run by causing a "buffer overflow" when a user opens a specially crafted Excel file. People with administrative user rights on their machine will be more at risk that those without.
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
It is rated as critical for Microsoft Office 2000 and Excel 2000 with Service Pack 3 patches applied, but important for Office XP/Excel 2002, 2003 (Service Pack 2) and Excel 2007.
For an attack to be successful a user must open an attachment that is sent in an e-mail message.
Critical alerts were also published concerning the Windows Active Directory and .NET Framework. See July's security bulletin summary for links to full descriptions and patch downloads.
Voice of the Editor
Which isn’t completely true. I mean, occasionally I drop by when I manage to sneak out of the nonstop frat party over at Going Concern, but I’m mostly a wallflower over there. I’m happy to say that I’ve been given express permission (or explicit orders, if you like) to wander over here to AccountingWEB more often.
Why is that, you might ask? My job is to replace the irreplaceable Gail Perry as Editor-in-Chief. What does that mean? I don’t really know! I think it’ll be fun getting a feel for things, throwing in my own thoughts here and there, and listening to the discussions you’re having about the accounting profession.