NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0436 Microsoft Re-Issues Excel Patch:
Microsoft re-issued a patch for an Excel vulnerability on 19MAR08 after acknowledging it
caused calculation errors in software using Office's Visual Basic for Applications. The
new patch is required ONLY for those users running service pack versions 1 and 2 of Excel
2003. The flaw, first addressed in the software maker's monthly Patch Tuesday bulletin
issued last week, was rated "critical" because it could be exploited by hackers to gain
unauthorized control of an unprotected PC's systems.
(www.itpro.co.uk 20MAR08)
A flawed update, dubbed MS08-014, was first released about a week ago. But within a couple
of days, Microsoft acknowledged that it was causing Excel 2003 in Office 2003 SP2 and SP3 to
"return an incorrect result when a Real Time Data source is used," as a company spokesman
said at the time. Microsoft has now re-released the flawed security update. Real Time
Data, which debuted in an earlier version of Excel, lets users automatically pull data into
a spreadsheet from a variety of sources, including web sites.
(ComputerWorld 20MAR08)