Microsoft to patch Excel hole, seven others

Eight security patches are coming Tuesday, including one for a critical vulnerability in Excel that could be a fix for a hole that attackers have been exploiting.

A correction was made to this story. See below for details.

Microsoft on Thursday said next week's Patch Tuesday would include eight patches, five of them critical, including one addressing a vulnerability in Excel.

A company representative declined to confirm whether the patch for its spreadsheet software addresses a vulnerability that has seen "zero-day attacks" which target unpatched security holes. But given the fact that both that Excel vulnerability and the Excel patch slated for Tuesday affect Microsoft Office 2000, 2002, 2003, and 2007, as well as Microsoft Office 2004 and 2008 for the Mac, it could be the same weakness.

Security firm Symantec said in February that it had discovered malicious files in the wild in Japan that attempt to exploit the Excel Unspecified Remote Code Execution Vulnerability. The attack requires a computer user to open an attachment sent via e-mail that has a maliciously crafted Excel document.

Also on Tuesday, Microsoft will provide updates addressing critical remote code execution vulnerability in Internet Explorer, Windows, and Office, and less severe vulnerabilities in Windows and Microsoft's Forefront Edge Security.

Affected software includes IE 7, Windows 2000, Windows XP, Windows Vista, Server 2003, and Server 2008, according to Microsoft's advance-notification bulletin, released on the Thursday before every Patch Tuesday, which is the second Tuesday of the month.

Correction: This story initially gave the wrong day of Microsoft's announcement. It was made Thursday, April 9.

Featured Video

iPad Pro after one week: Can it replace your laptop?

CNET Senior Editor Andrew Hoyle has been using Apple's gigantic tablet as his main computer for a week. Luke Westaway asks how it stacks up.

by Luke Westaway