1. Forum
  2. tqwNet
  3. TQW GENTECH

  • An ancient Microsoft Excel security flaw could let hackers hijack

    From TechnologyDaily@1337:1/100 to All on Thursday, April 16, 2026 15:45:25
    An ancient Microsoft Excel security flaw could let hackers hijack your entire system, so patch now

    Date:
    Thu, 16 Apr 2026 14:35:00 +0000

    Description:
    CISA is warning about ongoing exploitation of a 2008 bug in multiple versions of Excel.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Pro Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Become a Member in Seconds Unlock instant access to exclusive member features. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
    now subscribed Your newsletter sign-up was successful Join the club Get full access to premium articles, exclusive features and a growing list of member rewards. Explore An account already exists for this email address, please log in. Subscribe to our newsletter CISA adds 18yearold Excel flaw (CVE20090238) to KEV catalog Vulnerability enables RCE via malicious Excel files, patched long ago Outdated systems still at risk; agencies ordered to patch by April
    28 Incredible as it may sound, there are still systems out there vulnerable
    to 18-year-old Microsoft Excel vulnerabilities, and unsurprisingly, cybercriminals are taking advantage of that fact.

    The US Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) catalog - a list of flaws confirmed to be exploited in the wild, to add CVE-2009-0238, a bug in Microsoft Excel first discovered in 2009. According to the National Vulnerability Database (NVD), the bug allows threat actors to execute arbitrary code (RCE) via a crafted Excel document that triggers an access attempt on an invalid object. Article continues below You may like Worrying Microsoft Office security flaw patched - update now or risk hackers accessing your files This 'fascinating' Microsoft Excel security flaw teams up spreadsheets and Copilot Agent to steal data Critical Citrix NetScaler flaw gets official patch warning from CISA A week to patch This vulnerability, given a severity score of 8.8/10 (high), was first observed delivering the Trojan.Mdropper.AC malware .

    It affects Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac. It was patched literally ages ago.

    Still, it seems that there are systems out there still using this severely outdated, and thus vulnerable, software. CISA added the bug to KEV on April
    14 2026, and gave FCEB agencies a weeks time to patch up (April 28).

    Other than that, we dont know much about who is exploiting the bug and to
    what end. CISA could not say if the flaw was being used in ransomware infections, or not. We can assume that the attacks include a phishing email with a weaponized Excel document. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news
    and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    Furthermore, if we assume that versions not on the list are safe, that would mean anyone running these is not at risk:

    Excel 2007 (SP2 and later) Excel 2010 Excel 2013 Excel 2016 Excel 2019 Excel 2021 Excel for Microsoft 365 (all versions) Excel for Mac (versions newer
    than 2008).

    Via The Register The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/an-ancient-microsoft-excel-security-fla w-could-let-hackers-hijack-your-entire-system-so-patch-now


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)