Microsoft warns of new Office flaw

4 Sep 2003

Microsoft has issued a new series of warnings surrounding a “critical flaw” that affects many of its Office applications. In a recent security bulletin, the company has directed computer users to a patch that will prevent an attacker taking over their computers.

It is understood that the “critical flaw” exists in its Visual Basic for Applications (VBA) software, used to develop applications for Windows and Office that could enable a malicious programmer to create documents that would launch attacks on unsuspecting users.

The flaw affects recent versions of Office applications that support VBA scripting, including the 2002, 2000 and 97 versions of Access, Excel, PowerPoint and Word. It can also be used with Project 2002 and 2000, Visio 2002 and 2000 and Works Suite 2002, 2001 and 2000. Several applications sold under Microsoft’s Business Solutions brand also are at risk, including version 7.5 of the Great Plains accounting software.

Microsoft warned that a user could trigger an attack by opening a document in any programme that contains Visual Basic components.

Microsoft has vowed to improve security and reliability of its software, which has been hit by several high profile flaws this year. The Slammer worm nearly brought down the internet in January, while in August the Blaster worm and its variants crippled hundreds of thousands of computers.

Microsoft first informed computers users of the flaw that was subsequently exploited by Blaster in a security bulletin in July. Experts fear that the latest disclosure could spawn a new virus.

Microsoft urged users in its security bulletin to apply the software patch at

By John Kennedy