Microsoft: No patch Tuesday for Excel security hole

[monsitj]

Microsoft has announced that the patch tuesday will release three updates, including one with the stamp 'critical'. A patch for a dangerous vulnerability in Excel, however, even though the bug is already actively exploited.

The bug in the xls file format, which appears in all versions of Excel, according to several security companies now actively exploited by malicious. Using an Excel file can be manipulated a PC is infected with malware. Although a Microsoft security advisory on the issue is delivered, the next patch will not fix include round. Furthermore, the software giant to them that only a limited number of attack attempts using the exploit is known. Until there is an update rate would Excel users can go to the Office Document Open Confirmation Tool or an account with limited rights to use.

In the - deliberately kept brief - description of the next round patch, Microsoft describes three updates for Windows 2000, XP, Vista and Windows Server 2003 and 2008. The patch identified as critical a problem with a computer remote attackers could take over. The two as' important 'patches must be defined to prevent spoofing attacks.

[Una]

This means only be a danger if you open excel files from others on your PC?

[Tomaz]

"Even quick fix" is absolutely not if you have a product like Windows or Office. Hundreds of thousands of programs, tools, macros, etc. to build on that code. If you "quickly fixed" is a good chance that a part of this software is demolition. The effects are quite large. System administrators assume that they are simple security updates without problems can roll. A good will it do any testing on a test, but that's at. If then it appears that half the company a few hours they have in Redmond is not nice day. Indeed, the same will for several companies around the world to happen.

Same course with consumer systems. They are also not happy and after a lot of update will not work anymore. Are they automatic updates off, more opportunities for viruses and also damages for MS image everywhere.

In short, "as fast fix is impossible. MS has a center with numerous computer configuration and images for which all updates detailed testing. When an error is returned to the developers who can solve it all again.

I personally think that it is not crazy to think that testing the Excel actually fix a compatible quality problem is found. Probably MS is now doing that either internally or to resolve an external company on Thursday to give them an Excel wrong / strange way in terms of their software after the update no longer works. (You must imagine that it is not uncommon that software houses use "Undocumented features" to their software a little better run. In their view then) Anyway, if the software is important, it will be resolved before the update rate.

The actual programming is nothing compared with what is to come look.