CNET también está disponible en español.

Ir a español

Don't show this again


Microsoft to patch Excel hole, seven others

Eight security patches are coming Tuesday, including one for a critical vulnerability in Excel that could be a fix for a hole that attackers have been exploiting.

A correction was made to this story. See below for details.

Microsoft on Thursday said next week's Patch Tuesday would include eight patches, five of them critical, including one addressing a vulnerability in Excel.

A company representative declined to confirm whether the patch for its spreadsheet software addresses a vulnerability that has seen "zero-day attacks" which target unpatched security holes. But given the fact that both that Excel vulnerability and the Excel patch slated for Tuesday affect Microsoft Office 2000, 2002, 2003, and 2007, as well as Microsoft Office 2004 and 2008 for the Mac, it could be the same weakness.

Security firm Symantec said in February that it had discovered malicious files in the wild in Japan that attempt to exploit the Excel Unspecified Remote Code Execution Vulnerability. The attack requires a computer user to open an attachment sent via e-mail that has a maliciously crafted Excel document.

Also on Tuesday, Microsoft will provide updates addressing critical remote code execution vulnerability in Internet Explorer, Windows, and Office, and less severe vulnerabilities in Windows and Microsoft's Forefront Edge Security.

Affected software includes IE 7, Windows 2000, Windows XP, Windows Vista, Server 2003, and Server 2008, according to Microsoft's advance-notification bulletin, released on the Thursday before every Patch Tuesday, which is the second Tuesday of the month.

Correction: This story initially gave the wrong day of Microsoft's announcement. It was made Thursday, April 9.