Excel zero day: Microsoft explains workarounds

In a newly released security advisory concerning the recently discovered flaw in Excel, Microsoft explains the measures that users can take to protect themselves until a patch is released. Users of Excel 2003, Excel Viewer 2003, Excel 2002, Excel 2000, Microsoft Excel 2004 for Mac, and Microsoft Excel v.X for Mac are affected by the flaw.

In addition to general measures, such as blocking Excel file attachments and e-mails on e-mail servers or removing all Excel links with Excel documents in the registry, Microsoft suggests that users disable Repair Mode in Excel. To do so, access rights in Windows XP need to be modified in the registry key HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\Resiliency.

If this key does not exist, it needs to be created. Right-click on the key in the Registry editor to open the content menu and select the item "Security". Then, uncheck the option "Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here" option in the Advanced window. In the dialog that then appears with the options "Copy", "Remove" and "Cancel", select "Remove". Access to the key is then blocked for everyone, and this also disables Repair Mode. After this, the zero-day exploit will no longer work.

Before you make these changes, you should back up your system or at least set a system restore point, because accidental changes made in registry keys can prevent Windows from working correctly. It may, however, be easier simply to switch temporarily or permanently to an alternative office software suite such as OpenOffice. Unfortunately, not all complex templates and documents can be converted smoothly so this option is not feasible for everyone.

Also see:

• Vulnerability in Excel Could Allow Remote Code Execution, Microsoft's security advisory

(ehe)