|
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
-
0day exploit in Excel
A few hours ago, Mike Reavey at the Microsoft Security Response Center blogged a warning about a new hole in Excel.
In what appears to be a new pattern, now that Microsoft is charging for protection against flaws in its own products, Reavey writes:
We’ve activated our security response process and we have added detection to the Windows Live Safety Center today for up-to-date removal of malicious software that attempts to exploit the vulnerability… We’re also actively sharing that information with our Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks. We’ve got the Office team engaged of course and they are hard at work investigating the vulnerability.
Permit me to translate that into English for you. If you pay Microsoft fifty bucks, you get protection now. Wait a day and you’ll get protection from the other antivirus vendors. Wait a month or two, and Microsoft will finally patch Excel for free.
Something is terribly wrong here.
UPDATE: Secunia calls this hole extremely critical, its most dire rating.
Symantec’s Security Response center has a few details.
Apparently there’s at least one in-the-wild exploit, which comes in the form of an Excel spreadsheet called okN.xls attached to a spoofed email. Symantec considers it to be a “very low” threat.
It looks like all of the major antivirus firms have posted (or are in the process of posting) updates for this hole.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Red x next to folder on OneDrive iPadOS
by 37 minutes ago
-
Are manuals extinct?
by 2 hours, 30 minutes ago
-
Canonical ditching Sudo for Rust Sudo -rs starting with Ubuntu
by 5 hours, 39 minutes ago
-
Network Issue
by 12 hours, 11 minutes ago
-
Fedora Linux is now an official WSL distro
by 17 hours, 39 minutes ago
-
May 2025 Office non-Security updates
by 18 hours, 5 minutes ago
-
Windows 10 filehistory including onedrive folder
by 20 hours ago
-
pages print on restart (Win 11 23H2)
by 19 hours, 16 minutes ago
-
Windows 11 Insider Preview build 26200.5581 released to DEV
by 22 hours, 12 minutes ago
-
Windows 11 Insider Preview build 26120.3950 (24H2) released to BETA
by 22 hours, 14 minutes ago
-
Proton to drop prices after ruling against “Apple tax”
by 1 day, 5 hours ago
-
24H2 Installer – don’t see Option for non destructive install
by 13 hours, 57 minutes ago
-
Asking Again here (New User and Fast change only backups)
by 1 day, 16 hours ago
-
How much I spent on the Mac mini
by 16 hours, 21 minutes ago
-
How to get rid of Copilot in Microsoft 365
by 11 hours, 32 minutes ago
-
Spring cleanup โ 2025
by 1 day, 22 hours ago
-
Setting up Windows 11
by 17 hours, 51 minutes ago
-
VLC Introduces Cutting-Edge AI Subtitling and Translation Capabilities
by 1 day, 18 hours ago
-
Powershell version?
by 1 day, 19 hours ago
-
SendTom Toys
by 6 hours ago
-
Add shortcut to taskbar?
by 1 day, 23 hours ago
-
Sycophancy in GPT-4o: What happened
by 2 days, 15 hours ago
-
How can I install Skype on Windows 7?
by 2 days, 14 hours ago
-
Logitech MK850 Keyboard issues
by 1 day, 21 hours ago
-
We live in a simulation
by 3 days, 5 hours ago
-
Netplwiz not working
by 2 days, 16 hours ago
-
Windows 11 24H2 is broadly available
by 3 days, 18 hours ago
-
Microsoft is killing Authenticator
by 19 hours, 51 minutes ago
-
Downloads folder location
by 4 days ago
-
Remove a User from Login screen
by 2 days, 20 hours ago
Remembering Woody
