Home |
Search |
Today's Posts |
#1
Posted to microsoft.public.excel,microsoft.public.excel.misc,microsoft.public.excel.worksheet.functions
|
|||
|
|||
FYI - Microsoft Acknowledges XL Flaw
Came across this ZDnet article which might interest some of you:
http://blogs.zdnet.com/security/?p=814&tag=nl.e539 -- Regards, RD --------------------------------------------------------------------------- Please keep all correspondence within the NewsGroup, so all may benefit ! --------------------------------------------------------------------------- |
#2
Posted to microsoft.public.excel,microsoft.public.excel.misc,microsoft.public.excel.worksheet.functions
|
|||
|
|||
FYI - Microsoft Acknowledges XL Flaw
RD, Thanks, I guess <g - I have decided to downgrade to Excel 5. Now if I can just find my discs... Jim Cone San Francisco "RagDyer" wrote in message Came across this ZDnet article which might interest some of you: http://blogs.zdnet.com/security/?p=814&tag=nl.e539 -- Regards, RD --------------------------------------------------------------------------- Please keep all correspondence within the NewsGroup, so all may benefit ! --------------------------------------------------------------------------- |
#3
Posted to microsoft.public.excel,microsoft.public.excel.misc,microsoft.public.excel.worksheet.functions
|
|||
|
|||
FYI - Microsoft Acknowledges XL Flaw
Wow. Just when I was thinking of dumping 2007.....finally..... a tick.
Rob "Jim Cone" wrote in message ... RD, Thanks, I guess <g - I have decided to downgrade to Excel 5. Now if I can just find my discs... Jim Cone San Francisco "RagDyer" wrote in message Came across this ZDnet article which might interest some of you: http://blogs.zdnet.com/security/?p=814&tag=nl.e539 -- Regards, RD --------------------------------------------------------------------------- Please keep all correspondence within the NewsGroup, so all may benefit ! --------------------------------------------------------------------------- |
#4
Posted to microsoft.public.excel, microsoft.public.excel.misc,microsoft.public.excel.worksheet.functions
|
|||
|
|||
FYI - Microsoft Acknowledges XL Flaw
On Jan 16, 12:21*pm, "RagDyer" wrote:
Came across this ZDnet article which might interest some of you: http://blogs.zdnet.com/security/?p=814&tag=nl.e539 For those of us who have Office Excel 2003, it seems like the "obvious" workaround is to install SP3. Does anyone know of a reason not to? Does anyone know what feature(s) might no longer work or work differently as a result of whatever change in SP3 that insulates the user from the vulnerability? Having been on the system development side of such security, I appreciate the security sensitivity, ergo the limited information about the vulnerability. But I'm just wondering if any Excel expert can add to what the blog says. |
#5
Posted to microsoft.public.excel,microsoft.public.excel.misc,microsoft.public.excel.worksheet.functions
|
|||
|
|||
FYI - Microsoft Acknowledges XL Flaw
But I'm just wondering if any Excel expert
can add to what the blog says. I'm FAR from an expert but here's what I noticed that the article *didn't* say: It's not a malicious macro coded threat. In other words, disabling macros won't stop it. -- Biff Microsoft Excel MVP "joeu2004" wrote in message ... On Jan 16, 12:21 pm, "RagDyer" wrote: Came across this ZDnet article which might interest some of you: http://blogs.zdnet.com/security/?p=814&tag=nl.e539 For those of us who have Office Excel 2003, it seems like the "obvious" workaround is to install SP3. Does anyone know of a reason not to? Does anyone know what feature(s) might no longer work or work differently as a result of whatever change in SP3 that insulates the user from the vulnerability? Having been on the system development side of such security, I appreciate the security sensitivity, ergo the limited information about the vulnerability. But I'm just wondering if any Excel expert can add to what the blog says. |
#6
Posted to microsoft.public.excel,microsoft.public.excel.misc,microsoft.public.excel.worksheet.functions
|
|||
|
|||
FYI - Microsoft Acknowledges XL Flaw
From eweek - Jan 04, 2008... " Responding to complaints from Corel, Microsoft says users will soon be able to unblock and reblock files. Microsoft will provide a new and easy way for customers to unblock the files that were shut off by default when they installed Office 2003 Service Pack 3." ... http://www.eweek.com/c/a/Windows/Mic...File-Blocking/ Jim Cone San Francisco "joeu2004" wrote in message For those of us who have Office Excel 2003, it seems like the "obvious" workaround is to install SP3. Does anyone know of a reason not to? Does anyone know what feature(s) might no longer work or work differently as a result of whatever change in SP3 that insulates the user from the vulnerability? Having been on the system development side of such security, I appreciate the security sensitivity, ergo the limited information about the vulnerability. But I'm just wondering if any Excel expert can add to what the blog says. |
#7
Posted to microsoft.public.excel, microsoft.public.excel.misc,microsoft.public.excel.worksheet.functions
|
|||
|
|||
FYI - Microsoft Acknowledges XL Flaw
On Jan 16, 2:44*pm, "Jim Cone" wrote:
From eweek - Jan 04, 2008... " Responding to complaints from Corel, Microsoft says users will soon be able to unblock and reblock files. *Microsoft will provide a new and easy way for customers to unblock the files that were shut off by default when they installed Office 2003 Service Pack 3." Oh yes, I remember that <sigh. Thanks for the reminder. |
#8
Posted to microsoft.public.excel, microsoft.public.excel.misc,microsoft.public.excel.worksheet.functions
|
|||
|
|||
FYI - Microsoft Acknowledges XL Flaw
"T. Valko" wrote...
But I'm just wondering if any Excel expert can add to what the blog says. I'm FAR from an expert but here's what I noticed that the article *didn't* say: It's not a malicious macro coded threat. In other words, disabling macros won't stop it. .... The MSFT security advisory also didn't mention the precise file formats that could carry such payload that the affected versions of Excel (and the Excel 2003 VIEWER, fer cryin'g out loud!) mishandle. Recall the penitent words of a few senoir MSFT people just after the SP3 blockade was publicised: it's not the file formats themselves that are dangerous, it's the software that loads those files that would cause problems. If MSFT hasn't been able to figure out how to make Excel load binary spreadsheet files safely through Excel 2003, what are the odds they finally figured out how to do so with the .XLSB file format in Excel 2007? Conversely, will Excel 2007 SP-1 block .XLSB files? Just wondering. |
#9
Posted to microsoft.public.excel,microsoft.public.excel.misc,microsoft.public.excel.worksheet.functions
|
|||
|
|||
FYI - Microsoft Acknowledges XL Flaw
Wed, 16 Jan 2008 14:44:58 -0800 from Jim Cone
: From eweek - Jan 04, 2008... " Responding to complaints from Corel, Microsoft says users will soon be able to unblock and reblock files. Microsoft will provide a new and easy way for customers to unblock the files that were shut off by default when they installed Office 2003 Service Pack 3." ... http://www.eweek.com/c/a/Windows/Mic...File-Blocking/ And which formats are those? The article doesn't say, and neither do the articles that it links to. -- Stan Brown, Oak Road Systems, Tompkins County, New York, USA http://OakRoadSystems.com/ "If there's one thing I know, it's men. I ought to: it's been my life work." -- Marie Dressler, in /Dinner at Eight/ |
#10
Posted to microsoft.public.excel,microsoft.public.excel.misc,microsoft.public.excel.worksheet.functions
|
|||
|
|||
FYI - Microsoft Acknowledges XL Flaw
Stan Brown wrote: Wed, 16 Jan 2008 14:44:58 -0800 from Jim Cone : From eweek - Jan 04, 2008... " Responding to complaints from Corel, Microsoft says users will soon be able to unblock and reblock files. Microsoft will provide a new and easy way for customers to unblock the files that were shut off by default when they installed Office 2003 Service Pack 3." ... http://www.eweek.com/c/a/Windows/Mic...File-Blocking/ And which formats are those? The article doesn't say, and neither do the articles that it links to. Information about certain file types that are blocked after you install Office 2003 Service Pack 3 http://support.microsoft.com/kb/938810/en-us |
#11
Posted to microsoft.public.excel, microsoft.public.excel.misc,microsoft.public.excel.worksheet.functions
|
|||
|
|||
FYI - Microsoft Acknowledges XL Flaw
Bob I wrote...
Stan Brown wrote: .... And which formats are those? The article doesn't say, and neither do the articles that it links to. Information about certain file types that are blocked after you install Office 2003 Service Pack 3 http://support.microsoft.com/kb/938810/en-us Not necessarily the same thing. SP3 mostly blocks file types for older competitors' products (Lotus 123 and Quattro Pro). It also blocks .DIF, .SLK and .XLC, and only the latter two could be called Excel file types. SP3 doesn't block any .XLS file types. This latest security advisory doesn't mention whether the danger (in Excel's own code) arises from loading files in these less used formats or from .XLS files. However, since Microsoft's recommended fix (and a very self-serving fix it is!) is to convert files to the new OOXML file formats, and since one of their recommended means to do so involves using a new product called MOICE, details for which may be found in http://support.microsoft.com/kb/935865, and MOICE doesn't even handle the file types blocked by SP3 - quoted from the linked KB article, MOICE currently supports the following document formats: * .doc * .ppt * .pot * .pps * .xls * .xlt * .xla That sure makes it appear that the new vulnerability is in Excel's own file types, so SP3 would seem to be irrelevant to this new issue except insofar as Microsoft being happy enough to block file types that coincidentally happen to be the same ones they no longer support in Excel 2007. Then again, maybe the new vulnerability is in the file types blocked by SP3, but Microsoft is using this as just another way to push users into using OOXML file formats and spurring faster upgrading to Office 2007. The only thing that's clear is the lack of full disclosure is classic Microsoft. Tangential: odd that .dot files aren't included. |
#12
Posted to microsoft.public.excel, microsoft.public.excel.misc,microsoft.public.excel.worksheet.functions
|
|||
|
|||
FYI - Microsoft Acknowledges XL Flaw
Harlan Grove wrote...
.... That sure makes it appear that the new vulnerability is in Excel's own file types, so SP3 would seem to be irrelevant to this new issue .... Or maybe not. The security advisory does state that Excel 2003 SP3 is safe. However, that would also mean there's no benefit to convert .XLS files to OOXML files if you're using Excel 2003 SP3, and since MOICE doesn't handle the file types blocked by Excel 2003 SP3 it's difficult to see how using MOICE could resolve this vulnerability *IF* we were to take Microsoft's statements at face value. So, if the vulnerability arises from loading the file types blocked by Excel 2003 SP3, MOICE won't fix the issue. But if the vulnerability is in .XLS files, how can Microsoft claims Excel 2003 SP3 is safe? |
#13
Posted to microsoft.public.excel,microsoft.public.excel.misc,microsoft.public.excel.worksheet.functions
|
|||
|
|||
FYI - Microsoft Acknowledges XL Flaw
Thu, 17 Jan 2008 08:42:20 -0600 from Bob I :
Stan Brown wrote: And which formats are those? The article doesn't say, and neither do the articles that it links to. Information about certain file types that are blocked after you install Office 2003 Service Pack 3 http://support.microsoft.com/kb/938810/en-us Thanks! I'm bemused to note that it categorizes .dbf as dBASE II files. My ..dbf were created in dBASE IV. -- Stan Brown, Oak Road Systems, Tompkins County, New York, USA http://OakRoadSystems.com/ "If there's one thing I know, it's men. I ought to: it's been my life work." -- Marie Dressler, in /Dinner at Eight/ |
#14
Posted to microsoft.public.excel,microsoft.public.excel.misc,microsoft.public.excel.worksheet.functions
|
|||
|
|||
FYI - Microsoft Acknowledges XL Flaw
Stan Brown wrote: Thu, 17 Jan 2008 08:42:20 -0600 from Bob I : Stan Brown wrote: And which formats are those? The article doesn't say, and neither do the articles that it links to. Information about certain file types that are blocked after you install Office 2003 Service Pack 3 http://support.microsoft.com/kb/938810/en-us Thanks! I'm bemused to note that it categorizes .dbf as dBASE II files. My .dbf were created in dBASE IV. Welcome, I suspect the extention is what is checked, not something in the file header. |
Reply |
Thread Tools | Search this Thread |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Forum | |||
Microsoft Visual Basic errors displaid when opening Microsoft Word 97 & Excel (7 | Setting up and Configuration of Excel | |||
3rd Security Flaw Found In XL | Excel Discussion (Misc queries) | |||
*Second* Zero-Day Excel Flaw | Excel Discussion (Misc queries) | |||
XL "zero-day" flaw used in Attacks | Excel Discussion (Misc queries) | |||
Change individual cell heights/widths in Microsoft Excel 2000 like Microsoft Word | Excel Discussion (Misc queries) |