Bugwatchers expose Microsoft security hole

NEWS A security flaw has been exposed in Microsoft's Office 97 software which could allow malicious code to bypass anti-virus software. A posting on security mailing list, NTBugtraq, claims some versions of Office 97 are open to attack from malicious Web sites and emails. It claims they do not subject files created by Office programs - such as Word, Excel and PowerPoint - to the same security checks as other documents. Owners of newer models of Compaq and Hewlett-Packard computers - which update their software via the Web - may also be at risk, according to the posting. The problem does not affect Office 2000 and later versions of Office 97. Microsoft has acknowledged the problem, but said it is restricted to Excel and resides in version 3.5 of the Jet database driver. It said it is investigating the matter thoroughly, and will post a fix on its Web site. A spokesman said: "Now people know about this, we've got to act quickly, before people start writing malicious code." But Graham Cluley, senior technical consultant for Sophos Anti-Virus, said users should not be too concerned by the security problem, saying that it poses "more of a theoretical rather than a real threat". In the meantime, anxious users can find a fix on http://www.ntbugtraq.com