Microsoft Reveals Excel Security Risk

Microsoft has warned that several older versions of Excel contain a bug that could be exploited by hackers. It affects both Windows and Macintosh users.

The bug could make it possible to execute code remotely. That means a hacker would be able to gain some degree of access to a user's computer, with the potential to steal personal information.

The problem affects versions of Excel (including the stand-alone viewer) dated up to and including 2004. However, if the user has downloaded Office Service Pack 3, the bug will have been removed. Those versions dated 2007 or 2008 do not have the bug.

To take advantage of the bug, a hacker must persuade a user to download and open an Excel file, either attached to an email or from a website.

Microsoft says the problem should have a limited effect. They believe those hackers who have tried to exploit the bug have so far been targeting specific individuals or firms, rather than the common user. The software giant is currently investigating the issue and says it will decide later whether to issue a security update. Anyone who believes they've been targeted by hackers should contact their local authorities. US users can call a special hotline: 1-866-PCSAFETY.

The announcement of the bug included Microsoft's general advice for security: use a firewall, apply all software updates, and install anti-virus and anti-spyware software. (microsoft.com)

It's unfortunate timing for Microsoft, which has just launched the Macintosh edition of Office 2008, including Excel. The new version is designed to be easier to use, and doesn't require users understand how the spreadsheet formulas work. (Source: macworld.co.uk)

Most users shouldn't have anything to fear from the new Excel bug, but it's a reminder that you should always double-check the source before opening any file from an email or website.