Microsoft updates Excel security patch

Microsoft updates Excel security patch


Last week's fix caused performance problems

Microsoft has issued an update for a flaw previously addressed in Excel, admitting that the patch caused errors.

The company patched the 'critical' flaw in last week's Patch Tuesday release, but the update caused Excel to encounter a new performance problem.

Microsoft acknowledged that the vulnerability could allow an attacker to remotely execute code on the target system.

The flaw lies in the way Excel files are processed and could allow an attacker to remotely assume control of a user's system, including the ability to execute malicious code.

The update was rated 'critical' for Microsoft Office 2000, and 'important' for Office XP, 2003, 2007 and the Mac versions of Office 2004 and 2008.

Microsoft spokesman Tim Rains said, "The original version released on 11 March did fully protect against the security issues discussed in the bulletin."

"However, after release we discovered that the security update caused a calculation error in Microsoft Excel 2003 when a Real Time Data source was used in a user-created Visual Basic for Applications solution (in other words a custom-built VBA function)."

On installing the update, users encountered a 'Real Time Data' error when attempting to use the component with Office's Visual Basic for Applications software.

Users can obtain the update through Microsoft's Automatic Update.