As someone who works on computers for a living, part of my job is reading. I read all sorts of computer industry trade journals, security magazines, blogs, newsletters and the like. If you ever see me eating out at a restaurant, you’ll probably catch me reading an issue of Network World or Government Security News.
One item that I read this week about a flaw in Microsoft Office prompted me to write this article, issuing, as it were, a “security alert.” You need to update Microsoft Office. This applies to both Microsoft Windows and Apple Macintosh computers.
It seems that “attack code” has been released on the Internet that allows the bad guys to exploit a security flaw in Microsoft’s Excel program. In simple terms, this means that opening a specially crafted malicious Excel file could infect your computer with viruses, spyware, password-stealers and other nasty hacker tools. Your computer could even be turned into a “zombie” and made part of a large network of other infected machines, covertly controlled to distribute spam, porno, and attack more lucrative targets.
Microsoft has been dragging its feet about the flaw for over two months, admitting in January that “Microsoft is aware of specific targeted attacks that attempt to use this vulnerability.” However, they didn’t consider the flaw important enough at the time to correct the problem. Their only advice was to block all Excel files coming in over a network, such as email attachments.
Microsoft Office is a package of programs that consists of Microsoft Word, Excel, PowerPoint, and Outlook. Some versions also include Access and Publisher, along with other minor programs. Some of the Office hacks that have been discovered over the years cause your computer to crash, while others allow attackers to “escalate privileges,” which is fancy-pants geek talk for controlling your machine. The Excel flaw allows “remote attackers to execute arbitrary code.” Are you confused, yet? Just keep in mind that anything that allows “arbitrary code” to be executed by attacker is very, very bad.
Unless you simply don’t care if your computer turns into a useless box of circuits, Windows and Office updates are not optional. Performing these updates is one of the most important things that you can do to keep the bad guys of the Internet from wrecking your machine. I once repaired a computer that had never run Windows Update, yet had been used on the Internet for two years. Before I removed 249 viruses and over 3000 spyware programs, this computer would barely even turn on. I can’t even really be sure that I got rid of all of the bad stuff that could have been there.
For most users, the easiest way to get Microsoft Office updates is to run Microsoft Update, instead of simply running Windows Update. You’ll see the option to do this on the Windows Update website. Using Microsoft Update allows you to update all of your Microsoft products in one place. If you need more help, do a Google search for “How to use Microsoft update,” and you’ll find some pretty good instructions. Give it a try; I think that you’ll like it.