back to article Hackers go after Excel

Microsoft has warned that an unpatched vulnerability in older versions of Excel is being actively exploited by hackers. The bug, which has become the subject of targeted attacks, affects older versions of Excel. Newer versions Excel 2003 SP3 and Excel 2007 are said to be immune. Details of the vulnerability beyond what …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Black Helicopters

    of course, if you upgrade to Office 2007 ...

    is it too tinfoil-hat of me to suggest that M$ left this vague bug in Excel years ago to be able pull a stunt like that to scare users into upgrading that little bit quicker ?

  2. Test Man
    Go

    No problem

    Seeing as SP3 has been out for months now, the "fix" has already been out for ages. So the advice is simple, upgrade to SP3. Even if you are a business and need time to test it, that should've been done by now so deploy.

  3. Aleksandr
    Flame

    Invetnt the bug. hide it. scare people off into buying new version by revelaing it. Brilliant!

    Right.

    SP3 for office 2k3 breakes a lot of things. Like opening file from older versions of Office. There is no fix from MS as of yet but surely.....why not to release this "hoax" to scare people into installing SP3. What a bunch of douchbags they are.

  4. Daniel
    Dead Vulture

    ooh, hardly anyone knows ...

    ... so it's not much of a problem!

    (rams ice cream into forehead)

  5. Tawakalna
    Gates Horns

    or don't use Excel..

    ..cos it's rubbish. Like the rest of Office. And everything else from Micro$h4ft.

  6. Wolf

    I've discovered a WORSE SECRET!

    The government has placed invisible nano-tech circuitry in every box of tin-foil manufactured in the world. So all those tin-foil hats people have been wearing? Yup, you guessed it. The nano-probes migrated from the hat into their brains, turning them into raving psychotics that no one would ever believe.

    After their usefulness comes to an end a switch is thrown at a sooper-seeecret bunker (located in Ohmygosh, Wisconsin!) and the hapless victim is then converted by the nano-probe infection into a black helicopter...

    How's that? :)

  7. Anonymous Coward
    Jobs Halo

    MS is rubbish

    MS is rubbish. Everyone knows that you need a good OS like MAC OS. Apple is super special awesome and never has any software issues ever, not even the software that (grrr) Bi££ Gate$ writes

  8. Ferry Boat

    No no no

    <quote>

    Pending the availability of a fix, security clearing house US-CERT advises users of older versions of Excel to avoid opening unfamiliar or unexpected email attachments.

    </quote>

    No no no. All users, every user, every single one. Excel, Bexcel, Smexcel, don't matter what they use. AVOID OPENING UNFAMILIAR OR UNEXPECTED EMAIL ATTACHMENTS.

    US-CERT should be recommending all users AVOID OPENING UNFAMILIAR OR UNEXPECTED EMAIL ATTACHMENTS.

    Think I got my message across... time for a banana and a cup of tea.

  9. Anonymous Coward
    Flame

    Typical

    And I thought Microsoft aimed their products at enterprises. Security bugs that people don't know about so isn't a problem, cowboys!

  10. Ambi Valent
    Go

    Oh no! Not Again....

    Damn this time round they dint throw in a flight simulator like they did in Office 97???

    Am so offended that i could use Office 2003!

    Is there a reason why Trendmicro, Mcafee, Norton etc havent added Windows to their Signatures??

  11. JimC

    @ MS is rubbish...

    Whilst I have no love for Microsoft and their impact on the IT industry I will profess a liking for Excel. I've yet to see a better spreadsheet.

  12. Matthew Macdonald-Wallace
    Linux

    One Word...

    OpenOffice

  13. Johnny FireBlade
    Gates Horns

    No-one knows about it?

    Well they bloody do now, don't they? It's plastered all over the 'net so it's just a matter of time until the lowlife manage to locate the vulnerability. Call me a cynic, but I suspect it'll take them less time to find and exploit it, than it'll take MS to fix it.

  14. Jeremy
    Flame

    Erm...

    "Pending the availability of a fix, security clearing house US-CERT advises users of older versions of Excel to avoid opening unfamiliar or unexpected email attachments."

    Because of course, once they've patched it, it's absolutely fine to open unexpected attachments from strangers.

    Open mouth. Insert foot. Then if you want to look even sillier, start chewing.

  15. Anonymous Coward
    Anonymous Coward

    Re: One Word...

    Three words: 'Text to Columns'.

  16. Matt Caldwell
    Thumb Down

    Sorry...

    OpenOffice? No.

    I love opensource, haven't run M$ for a couple years, blah, blah blah.

    I'm sorry, but OOo doesn't cut it. The Spreadsheet program isn't as useful as Excel, the Doc Writer is about as good. I haven't used the Presentation much. The suite has a lot of potential, is almost there, in fact. It just doesn't quite get it for me.

    OOo spreadsheet doesn't have the more complex stat analysis that I want it to be able to do (and that Excel can do) for working in the lab.

    The one thing it does well is exchanging files with Genuine Micro$hite Software.

    How about an Abiword/Gnumeric combo? Thats the ticket!

  17. N

    Microsoft upgrade scare?

    The vulnerability is caused due to an unspecified error in the handling of Excel files and can be exploited via a specially crafted file with malformed header information.

    Everything Microsoft is always fixed by upgrading to the next version! particularly if you format your hard disc, re-install Windows to discover your XP key has been revoked to boot...

    Give it a break Bill, we dont give a monkeys about your malware because weve all changed to something, no anything else which is better.

  18. Risky

    Real Word please

    Are the penguin-brains here really suggesting that OO is offering something better than excel? I'll download a copy and take a look but I'm not expecting to see it do everything that excel need to do for us here (IB).

    Feel free to uninstall your bent copies of MS Office though if you've really got a better alternative.

  19. Ishkandar
    Coat

    A simple and invulnerable solution to this problem

    Revert to Spreadsheet v0.0 !! It cannot be hacked from *any* distance and you just have to shoot the hackers if they come near your spreadsheet(s).

    This product consist of large quantities of A3 sheets of paper attached to each other with vast quantities of sticky tape !! They existed at the time when the last of the dinosaurs were dying out and co-existed with manual calculators (wind-up variety) and comptometers !!

    One excellent feature of this product is that they existed *BEFORE* young Billy Gates was born !!

    Right, I'm off to have a chat about the good old days with my mates in the cemetery !!

  20. RW
    Boffin

    Enterprises or Joe Sixpack?

    Anonymous Coward: "And I thought Microsoft aimed their products at enterprises."

    They may say they do, but the design of MS products is clearly aimed at the lowest common denominator -- Joe Six-pack and his family of chicken boner trailer trash.

    By training, I'm neither a logician nor a philosopher, but this doesn't stop me from having a sneaking intuition that systems designed for the feckless masses are not serviceable for serious use by enterprises.

    Case in point: the design philosophy that if the user makes a mistake, the software will guess what he *meant* to do. Wonder how many financial spreadsheets there are that incorporate the results of such goofiness? Lord knows it's hard enough to get a complex spreadsheet right without the software inserting guesswork into it!

    Rantlet: it wouldn't be so bad if MS actually understood the uses to which their products are put, but holy moly, sometimes you get the impression that MS went and read a "For Dummies" book and now they is [sic] experts in this or that specialized field of knowledge.

    Case in point: Windows machines controlling realtime medical equipment that decide to call home and install an update at an inopportune moment. (Is this fact, or is it an urban legend?)

    Dear Bill: You can't have your cake and eat it too.

    Love,

    Me.

    [torn between <heart> and <PH>, so settled on <geek>]

  21. Anonymous Coward
    Anonymous Coward

    @ Aleksandr

    We've rolled out SP3 accross 450 desktops and haven't had a single issue it's even fixed a couple of issues. Yes apparently it can 'break' the odd file that contain certain features but i nor any of my users have come accross them yet. I think the MS bashers are making it into a far bigger problem than it really is.

  22. tom

    Excel hacking? How quaint!

    They've found a way to exploit Excel? What a shock!

    I can't be the only one that thinks this headline is recycled from 10 years ago...

  23. Mike Morgan

    thanks for the memory jog

    Ishkandar, I had completely forgotten A4 paper, but we used bank pins not tape. And the old calc machines with the handle on the side so high tech. While we are at it how about those punch cards, we had a giant basement devoted to there storage. Dont stack the boxes to high! And a hundred people to type in the code. Wow the good ol days.

  24. Vaughan Trevor Jones
    Stop

    S#it happens

    Lets be honest no piece of software is perfect, whether MS or not. Personally I think if

    other office applications were used as much as MS Office, then there would be more known issues.

  25. Louis P. Chouinard

    Re: Re: One Word...

    @AC

    OpenOffice does have a macro for text to columns. ooomacros.org

  26. Anonymous Coward
    Happy

    OpenOffice may not do everything some experts need

    but OpenOffice surely does more than enough for 95%+ of homes, school and college students, and even business spreadsheet and WP users.

    Anyway, Bill's retired now, who's going to decide what to buy/copy/steal/be inspired by for MS's next generation of moneyspinners? Have they updated CineMania and Music Central lately? Is there a Symbian version of Autoroute yet? I gather there's a new version of Windows ME out soon?

  27. Stuart

    Why?

    Ok, we use excel 2k... Why? because it adds stuff up, which is all we need to do.

    Call me simple, but the most complicated formula I have used is a multiple IF statement....

    I know when I am making money (and how much) and when I am not with my accounting package...

    Why do I have to upgrade to 2003? just because someone wanted to add extra "Features" that are now an exploit....

    Looks like a Downgrade is the way to go.... (Like Vista and XP ;-)

  28. Robert Armstrong
    Happy

    They have no shame

    Having supported MS OS and apps for over 17 years I appreciate the annuity income. Installing services packs, anti-virus, anti-spyware and patches has paid off my house and car and thanks to Billy G and that Ballmer monkeyboy I expect the cash to keep rolling into my pocket.

    I know I can rely on Microsoft to continue to screw the pooch aka customer for as long as the sky is blue and the grass is green. That's what makes America great!

    OpenOffice is not a bad option but it is not suitable for the 5% or less who actually use the advanced features of Excel. But for those who want to do a quick budget analysis OO's spreadsheet is fine.

  29. Test Man
    Thumb Down

    Re: Invetnt the bug. hide it. scare people off into buying new version by revelaing it. Brilliant!

    Break a lot of things? Does it though? SP3 stops you from opening older-than-97 files (why would you STILL be relying on them?) which you can convert anyway and in any case Microsoft HAS published a workaround. It's simple. Get the latest service pack. It's your own fault if you don't update.

  30. BitTwister

    OpenOffice does have a macro for text to columns. ooomacros.org @Louis P. Chouinard

    > OpenOffice does have a macro for text to columns.

    So write one yourself? Just like you've probably already done in Expel for those macros which weren't built in and ready-rolled.

  31. Anonymous Coward
    Boffin

    > I gather there's a new version of Windows ME out soon?

    I gather that they did that last year, except that they call it "Vista".

  32. Anonymous Coward
    IT Angle

    What a bunch of hypocrites you all are.

    Seriously. One moment you're complaining about how insecure Microsoft products are and how you shouldn't use them, and then the next you're all upset because you think it's all deliberate to scare you into upgrading.

    If you believe the first statement, then I assume you're using Linux or some other platform. If you believe the second statement, then I assume you're using Linux or some other platform.

    If you make either the first OR the second statement (or both) and yet you're still using Microsoft products, then you're a hypocrite and a liar. Get real, people, and stop Microsoft-bashing just for the sake of looking 'cool'.

  33. TrishaD

    Joe Sixpack

    Racking my brains to think of Excel being of any value to the average homeuser.......

    Let alone Joe Sixpack

  34. John Angelico
    Stop

    @ They have no shame

    You said:

    "OpenOffice is not a bad option but it is not suitable for the 5% or less who actually use the advanced features of Excel. But for those who want to do a quick budget analysis OO's spreadsheet is fine."

    After 35+ years as a CPA in Australia, I recomnmend that all spreadsheets be limited to a few pages which can be viewed within a screen or two.

    If you intend to create a complex spreadsheet using those advanced features, you are unlikely to understand the output you get, you are unlikely to be able to audit anything beyond a few pages and therefore you cannot rely/depend/entrust your life or future to that spreadsheet.

    These cautions may also apply to a spreadsheet of a few pages, depending on your level of skill with spreadsheets.

    However, these cautions definitely apply, independent of skill levels, to large complex spreadsheets.

    YOU HAVE BEEN WARNED.

  35. Anonymous Coward
    Thumb Down

    re: What a bunch of hypocrites you all are.

    Rubbish.

    I don't like Microsoft for any number of reasons and though I use Linux for my workstations and servers at work and home I still have to support the poor sods (customers and staff) who are still using Windows due to necessity (application lock-in), ignorance or orders from 'higher-up'.

    For these reasons I reserve the right to bitch about Microsoft as much as I like and I suspect many of the previous posters are in the same boat.

  36. Fluffykins Silver badge

    So, wait for it.........

    P0rn.xls,

    Britney_spears_nude.xls

    and

    Paris_Hilton.xls

    H'mmm

  37. Chris

    Excel was always a target

    It's laughably easy to write a 'virus' in Excel. Writing a vb macro and calling it 'autoexec' will do the trick - open the file and the code executes. People should always have macros disabled by default.

    I'm still using Office97, works fine and whatever function was missing that I needed, I've already written and added it to it. We use for instance a complex calculation for adding a check-digit to our codenumbers, so an add-in with the function does the trick.

    Microsoft has a habbit of always breaking previous functionality and/or file formats - good example is Access. I have never had a valid reason to upgrade from 97 to a newer version. Anyone can think of one?

    The one thing that really ticks me off is people always using excel for other stuff than spreadsheets. You wouldn't believe what it's used for! Designing standard letters for printing, using it for storing translations, using it for configuration files for websites. To top it all, I once saw a stupid bint at the office use a pocket calculator to fill in the values in an excel-sheet... give me a break. Some people shouldn't use a computer really. And then we're surprised they open any file they receive by mail?

This topic is closed for new posts.