Microsoft re-issues Excel patch

Microsoft yesterday had to re-issue a patch for an Excel vulnerability, after admitting it caused calculation errors in software using Office's Visual Basic for Applications.

The flaw, first addressed in the software maker's monthly Patch Tuesday bulletin issued last week, was rated 'critical' because it could be exploited by hackers to gain unauthorised control of an unprotected PC's systems.

The update, MS08-014, was supposed to fix the zero-day flaw in the spreadsheet application that entices users to click on malicious Excel files. At the time, Microsoft said versions 2000, 2002 and 2003 and 2003 Service Pack (SP) 1 and 2 versions of Excel were affected, although Excel 2007 or Excel 2003 SP3 users were not at risk.

But Microsoft spokesman Tim Rains wrote yesterday in a Microsoft Security Response blog posting: "We've just re-released MS08-014 for Microsoft Office Excel 2003 Service Pack 2 and Service Pack 3 only."

"The original version released on 11 March did fully protect against the security issues discussed in the bulletin," the post continued. "However, after release we discovered that the security update caused a calculation error in Microsoft Excel 2003 when a Real Time Data source was used in a user-created Visual Basic for Applications solution (in other words, a custom-built VBA function)."

Rains also referred users to an additional Microsoft support bulletin for additional details on the error.

"If you're not running Microsoft Excel 2003, this re-release doesn't apply to you and you don't need to take any action," he added.

The re-issued patch is also available through Microsoft's Automatic Update facility.

Email to a friend

Print this page