updated 06:55 pm EST, Wed March 15, 2006
Excel flaws patched
Microsoft today confirmed that its recent Excel X update and its Office 2004 v11.2.3 updates address five separate security flaws in its Excel spreadsheet software. The Office flaws, reported by Microsoft earlier this week, are dubbed as "high-critical" by security firm Secunia and affect most versions of the Office software suite; however, a sixth "routing slip" vulnerability does not affect Mac users, a Microsoft spokesperson told MacNN. The vulnerabilities may allow execution of arbritary code on a users' systems and could be exploited by malicious people to compromise users' systems -- especially if the users has administrative privileges on the local machine, according to Microsoft's documentation.
"If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights."
The company recommends that users apply patch or not open files from untrusted sources. Along with the security patches, the Office 2004 v11.2.3 brings new features to Entourage users, such as Spotlight and Sync Services support.
In recent weeks, Apple has come under fire for its own security flaws and this week issued a second security update after reports that the initial security update was inadequate and incomplete (and to address bugs introduced by the previous patch). Yet another iTunes/QuickTime vulnerability was reported earlier this week and has yet to be patched by Apple.