Newsletter Archives

  • Windows 11’s unique bug

    PATCH WATCH

    Susan Bradley

    By Susan Bradley

    Whenever Microsoft releases a new version of Windows, it invariably introduces new bugs as a side effect.

    KB5016629 includes a fix for a server message-block (file-sharing) bug that is unique to Windows 11. In a peer-to-peer network, an attacker could trick you by using web-based sharing links such as Azure or other data centers. Windows 10 and earlier are not affected.

    This month’s Windows 11 updates also include fixes for issues where File Explorer fails to work when you use the Star menu’s context menu and an external monitor, or when you use the Play and Pause keyboard buttons.

    Not to be outdone, the Windows 10 security update this month, KB5016616, includes fixes for an issue that affects printing. Let’s hope it fixes those problems we’ve been seeing with USB-based printers.

    Read the full story in our Plus Newsletter (19.33.0, 2022-08-15).

  • JavaScript equations coming to Excel. What on earth are they thinking?

    I was going to let this one fly by, but I just can’t.

    If you’re in the Office Insider program, you can now use custom functions in Excel that are written in… my sweet lord… JavaScript.

    The Office Dev Center describes the functions thusly:

    Custom functions (similar to user-defined functions, or UDFs), enable developers to add any JavaScript function to Excel using an add-in. Users can then access custom functions like any other native function in Excel (such as =SUM()). … Custom functions are now available in Developer Preview on Windows, Mac, and Excel Online.

    My jaw dropped when I heard that in the aftermath of a Build presentation yesterday. In fact, I figured I heard it wrong. But no.

    What’s wrong with making JavaScript available as an in-the-sheet programming language? As Lawrence Abrams at BleepingComputer notes, “within hours” a security researcher, Chase Dardaman, figured out a way to put the CoinHive in-browser JavaScript miner inside a spreadsheet.

    As if 25 years of macro malware wasn’t enough.

  • Excel bug fixed: Renamed HTML files now open properly.

    Reversing a bug that was intentionally introduced last month. It isn’t a complete solution, but it is a decent compromise.

    InfoWorld Woody on Windows

  • New Excel 0day

    This hasn’t yet hit the main news feeds, but Microsoft just released Security Bulletin 968272, which discusses another 0day that takes advantage of a security hole in all modern versions of Excel, and the Excel Viewer.

    Yes, you read that right. The Excel Viewer is vulnerable too.

    Microsoft’s suggested fix for the moment? “Do not open or save Office files that you receive from un-trusted sources or that are received unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a file.”

    The Security Bulletin goes on to give a lengthy set of manual instructions, which includes editing the Registry, that may or may not fend off the worm. Or you can block opening files from Office 2003 or earlier.

    Oh boy. In other words, bend over and kiss your keester goodbye.

    Symantec has encountered an infected file, Trojan.Mdropper.AC, that’s easy to block. It remains to be seen if the exploit folks are smart and fast enough to morph the Trojan so it isn’t so easy to thwart.

    Today would be a very good day to avoid opening any Excel file that you don’t know well.