Microsoft Patches Buggy Excel Patch

A targeted re-release of MS07-007 corrects a glitch affecting Excel 2000 users.

Microsoft has re-released an update issued in its January 2007 patch batch to correct a glitch in the way Excel 2000 processes information.

The company announced that the "targeted re-release" was necessary to correct the bug, which occurs in the way Excel 2000 processes the phonetic information embedded in files created using Excel in the Korean, Chinese or Japanese executable mode.

"After you install [the patch], you can no longer open some files that you created by using any version of Excel," the company warned.

The patch was shipped Jan. 9 as part of the MS07-002 bulletin that provided fixes for a total of five Microsoft Excel vulnerabilities. The update is rated "critical," Microsofts highest severity rating.

/zimages/4/28571.gifClick here to read more about Microsofts fixes from its latest Patch Tuesday.

A company spokesman stressed that the re-released patch only applies to customers running Excel 2000 and noted that the original version of the security fix "does protect against all vulnerabilities discussed in the bulletin."

"Customers who are not running Excel 2000 do not need to take action," the spokesperson said.

On Jan. 9, the Redmond, Wash., software maker shipped four bulletins with patches for a total of 10 vulnerabilities, most rated "critical," but there were no updates for known—and under attack—flaws in the ubiquitous Microsoft Word software.

Microsoft originally planned to ship eight bulletins this month, but four were pulled at the eleventh hour, suggesting that there were problems with the quality of the updates. The companys security response team has officially confirmed that at least three undocumented Word vulnerabilities are being used in code-execution attacks against select targets.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.