Microsoft Excel Archives

Winsage

April 9, 2025

Patch Tuesday fixes an exploited bug, but not for Windows 10

Microsoft's Patch Tuesday updates addressed over 120 vulnerabilities, including one actively exploited flaw (CVE-2025-29824) and 11 critical issues. CVE-2025-29824 is an elevation of privilege vulnerability in the Windows Common Log File System Driver, targeted by the group Storm-2460 to deploy ransomware called PipeMagic, affecting victims in the US, Spain, Venezuela, and Saudi Arabia. This vulnerability has a CVSS score of 7.8 and allows attackers to escalate privileges due to a use-after-free flaw. Patches for Windows Server and Windows 11 have been released, but Windows 10 users are still awaiting a fix, with Microsoft promising updates soon. Among the critical vulnerabilities addressed, all allow for remote code execution (RCE). Notable vulnerabilities include: - CVE-2025-26670: LDAP Client RCE, Critical, CVSS 8.1 - CVE-2025-27752: Microsoft Excel RCE, Critical, CVSS 7.8 - CVE-2025-29791: Microsoft Excel RCE, Critical, CVSS 7.8 - CVE-2025-27745: Microsoft Office RCE, Critical, CVSS 7.8 - CVE-2025-27748: Microsoft Office RCE, Critical, CVSS 7.8 - CVE-2025-27749: Microsoft Office RCE, Critical, CVSS 7.8 - CVE-2025-27491: Windows Hyper-V RCE, Critical, CVSS 7.1 - CVE-2025-26663: Windows LDAP RCE, Critical, CVSS 8.1 - CVE-2025-27480: Windows RDP RCE, Critical, CVSS 8.1 - CVE-2025-27482: Windows RDP RCE, Critical, CVSS 8.1 - CVE-2025-26686: Windows TCP/IP RCE, Critical, CVSS 7.5 - CVE-2025-29809: Windows Kerberos Security Feature Bypass, Important, CVSS 7.1 Dustin Childs from ZDI noted that CVE-2025-29809 requires additional measures beyond standard patching. CVE-2025-26663 and CVE-2025-26670 are considered wormable, necessitating prompt updates, especially for networks exposing LDAP services. Adobe released over 50 fixes for vulnerabilities in products like Cold Fusion, After Effects, and Photoshop, with some issues in Cold Fusion classified as critical. AMD updated advisories regarding GPU access and various Ryzen AI software vulnerabilities.

Winsage

March 11, 2025

Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws

Microsoft released security updates on March 2025 Patch Tuesday, addressing 57 vulnerabilities, including six classified as critical related to remote code execution. The vulnerabilities are categorized as follows: 23 Elevation of Privilege, 3 Security Feature Bypass, 23 Remote Code Execution, 4 Information Disclosure, 1 Denial of Service, and 3 Spoofing. The updates specifically address six actively exploited zero-day vulnerabilities and one publicly disclosed zero-day vulnerability. The zero-day vulnerabilities include: 1. CVE-2025-24983 - Elevation of Privilege in Windows Win32 Kernel Subsystem. 2. CVE-2025-24984 - Information Disclosure in Windows NTFS. 3. CVE-2025-24985 - Remote Code Execution in Windows Fast FAT File System Driver. 4. CVE-2025-24991 - Information Disclosure in Windows NTFS. 5. CVE-2025-24993 - Remote Code Execution in Windows NTFS. 6. CVE-2025-26633 - Security Feature Bypass in Microsoft Management Console. The publicly disclosed zero-day is: - CVE-2025-26630 - Remote Code Execution in Microsoft Access. A comprehensive list of resolved vulnerabilities includes various CVE IDs and their respective titles and severities, with several vulnerabilities affecting Microsoft Office products, Windows components, and Azure services.

Winsage

February 18, 2025

100+ run commands that can help you work efficiently on Windows

Windows 11 and 10 provide run commands that streamline workflow by allowing quick access to various system tools, applications, settings, and diagnostic features. Administrative Tools: - compmgmt.msc: Opens Computer Management. - devmgmt.msc: Launches Device Manager. - diskmgmt.msc: Opens Disk Management. - services.msc: Manages background services. - eventvwr.msc: Opens Event Viewer. - secpol.msc: Opens Local Security Policy. - regedit: Opens Registry Editor. - taskschd.msc: Opens Task Scheduler. - gpedit.msc: Opens Group Policy Editor (Pro & Enterprise). System Diagnostics and Troubleshooting: - msinfo32: Opens System Information. - dxdiag: Launches DirectX Diagnostic Tool. - verifier: Opens Driver Verifier Manager. - resmon: Opens Resource Monitor. - perfmon: Opens Performance Monitor. - mdsched: Runs Windows Memory Diagnostic. - msdt: Opens Microsoft Support Diagnostic Tool. - dism /online /cleanup-image /restorehealth: Repairs Windows image. - sfc /scannow: Scans and repairs system files. - chkdsk: Runs Check Disk. - winver: Checks Windows version. - cleanmgr: Opens Disk Cleanup. File and Storage Management: - cleanmgr: Launches Disk Cleanup. - dfrgui: Opens Disk Defragmenter. - chkdsk: Checks and repairs disk errors. - diskpart: Opens Disk Partition utility. - onedrive: Opens OneDrive folder. - shell:AppsFolder: Opens all apps folder. - wab: Opens Windows contacts folder. - explorer: Opens File Explorer. - recent: Opens recent files and folders. - documents: Opens Documents folder. - downloads: Opens Downloads folder. - favorites: Opens Favorites folder. - pictures: Opens Pictures folder. - videos: Opens Videos folder. - %AppData%: Opens App Data folder. - debug: Accesses Debug folder. - backup: Opens backup folder. - %systemdrive%: Opens system drive. Security and Maintenance: - firewall.cpl: Opens Windows Defender Firewall. - wf.msc: Launches Firewall with advanced security. - ms-settings:windowsdefender: Opens Windows Security. - sigverif: Verifies file signatures. - verifier: Checks driver integrity. - msconfig: Opens System Configuration. - sfc /scannow: Runs system file checker. - dism /online /cleanup-image /restorehealth: Repairs Windows image. Launching Apps: - notepad: Opens Notepad. - calc: Launches Calculator. - snippingtool: Opens Snipping Tool. - mspaint: Opens Microsoft Paint. - winword: Starts Microsoft Word. - excel: Opens Microsoft Excel. - chrome: Launches Google Chrome. - msedge: Opens Microsoft Edge. - control: Opens Control Panel. - explorer: Opens File Explorer. - powerpnt: Opens Microsoft PowerPoint. - firefox: Opens Mozilla Firefox. - wmplayer: Opens Windows Media Player. - msra: Opens Windows Remote Assistance. - outlook: Opens Microsoft Outlook. Navigating Settings: - ms-settings: Opens main Settings app. - ms-settings:network: Opens network & internet settings. - ms-settings:display: Opens display settings. - ms-settings:personalization: Opens personalization settings. - ms-settings:windowsupdate: Opens Windows Update settings. - ms-settings:privacy: Opens Privacy settings. - ms-settings:bluetooth: Opens Bluetooth settings. - ms-settings:devices: Opens Devices settings. - ms-settings:system: Opens System settings. - ms-settings:accounts: Opens Accounts settings. - ms-settings:timeandlanguage: Opens Time & Language settings. - ms-settings:gaming: Opens Gaming settings. - ms-settings:region: Opens Region settings. - ms-settings:optionalfeatures: Opens Optional Features settings. - ms-settings:storage: Opens Storage settings. - ms-settings:notifications: Opens Notifications settings. - ms-settings:taskbar: Opens Taskbar settings. - ms-settings:start: Opens Start Menu settings. - ms-settings:lockscreen: Opens Lock Screen settings. Network and Connectivity: - ncpa.cpl: Opens Network Connections. - ipconfig: Displays IP configuration. - ping: Tests network connectivity. - control netconnections: Opens Network and Sharing Center. - ms-settings:network-wifi: Opens Wi-Fi settings. - ms-settings:datausage: View data usage. - ms-settings:network-vpn: Manage VPN. - ms-settings:network-proxy: Configures proxy settings. Display and Appearance: - desk.cpl: Opens Display Settings. - control color: Customizes window colors. - dpiscaling: Opens display scaling settings. - ms-settings:personalization: Opens Personalization settings. - ms-settings:themes: Changes desktop themes. - ms-settings:display-advanced: Adjusts advanced display settings. Accessibility: - magnify: Opens Magnifier. - narrator: Launches Narrator. - osk: Opens on-screen keyboard. - utilman: Opens Ease of Access Center. - ms-settings:easeofaccess-display: Opens display accessibility settings. - ms-settings:easeofaccess-cursor: Opens cursor accessibility settings. - ms-settings:easeofaccess-mouse: Opens mouse accessibility settings. - ms-settings:easeofaccess-keyboard: Opens keyboard accessibility settings. - ms-settings:easeofaccess-narrator: Opens narrator accessibility settings. - ms-settings:easeofaccess-magnifier: Opens magnifier accessibility settings. - ms-settings:easeofaccess-colorfilter: Opens color filter accessibility settings. - ms-settings:easeofaccess-highcontrast: Opens high contrast accessibility settings. - ms-settings:easeofaccess-closedcaptioning: Opens closed captioning accessibility settings. - ms-settings:easeofaccess-audio: Opens audio accessibility settings. - ms-settings:easeofaccess-eyecontrol: Opens eye control accessibility settings. - ms-settings:easeofaccess-mousepointer: Opens mouse pointer accessibility settings. Power Management: - powercfg.cpl: Opens Power Options. - ms-settings:powersleep: Adjusts power and sleep settings. - powercfg /batteryreport: Generates a battery report. - powercfg /energy: Creates an energy efficiency report. - powercfg /hibernate: Enables or disables hibernation. - powercfg /deviceenablewake: Enables a device to wake the computer. - powercfg /devicedisablewake: Disables a device from waking the computer.

Winsage

February 12, 2025

Windows 11 Patch Tuesday tweaks taskbar and adds handy icon in system tray for AI effects

Windows 11's latest Patch Tuesday updates include several enhancements and fixes: - Taskbar: Improved visual previews and smoother animations for taskbar applications. - Windows Studio Effects: New system tray icon for applications using Windows Studio Effects, with access to the Studio Effects page in Quick Settings. - Fonts: Introduction of Simsun-ExtG, a new simplified Chinese font supporting 9,753 ideographs. - File Explorer: New "New Folder" option in the context menu, restoration of previously open tabs, automatic activation of specific settings, and several fixes related to search functionality and icon updates. - Settings: Users can change time zones without administrative privileges. - Mouse: Fixed issues with cursor disappearance, transparency, and performance. - Pinyin IME: Bug fix for language switching. - Snipping Tool: Resolved distortion issues for multi-monitor screenshots. - Microsoft Excel 2016: Fixed loading screen issue for certain files. - Game Bar: Fixed recording failure issue. - HDR: Corrected oversaturation issues in some games. - DAC: Fixed playback issues with USB audio devices. - USB audio device drivers: Resolved code 10 error message. - Chinese Pinyin IME: Bing no longer provides automatic suggestions for certain search engines. - USB cameras: Fixed recognition issues post-January 2025 security update. - Passkey: Eliminated one-minute timeout for mobile device passkeys. - Power: Improved shutdown times with connected controllers. - Wi-Fi: Resolved unresponsive Windows Security dialog when signing into certain networks.

Winsage

February 12, 2025

Microsoft Patch Tuesday February 2025 – 61 Vulnerabilities Fixed, 3 Actively Exploited in the Wild

Microsoft's February Patch Tuesday update addresses 61 vulnerabilities, including 25 critical Remote Code Execution (RCE) vulnerabilities. Three of these are zero-days, actively exploited before the update: 1. CVE-2023-24932: Secure Boot security feature bypass requiring physical access or administrative rights. 2. CVE-2025-21391: Windows Storage elevation of privilege vulnerability that could lead to data deletion. 3. CVE-2025-21418: Vulnerability in Windows Ancillary Function Driver for WinSock allowing privilege escalation. Critical vulnerabilities include: - CVE-2025-21376: Windows LDAP RCE vulnerability. - CVE-2025-21379: RCE vulnerability in DHCP Client Service. - CVE-2025-21381: RCE vulnerability in Microsoft Excel. The update also addresses additional vulnerabilities related to remote code execution, elevation of privilege, denial of service, security feature bypass, spoofing, and information disclosure across various Microsoft products. Microsoft advises immediate application of the updates to mitigate risks.

Winsage

February 12, 2025

Microsoft Patch Tuesday February 2025: 61 Vulnerabilities Including 25 RCE’s Fixed

Microsoft released its February 2025 Patch Tuesday security updates, addressing over 61 vulnerabilities across its products. The updates include: - 25 Remote Code Execution vulnerabilities - 14 Elevation of Privilege vulnerabilities - 6 Denial of Service vulnerabilities - 4 Security Feature Bypass vulnerabilities - 2 Spoofing vulnerabilities - 1 Information Disclosure vulnerability Notable critical vulnerabilities include: - CVE-2025-21376: Remote code execution risk via LDAP protocol. - CVE-2025-21379: Flaw in DHCP client service allowing system compromise via crafted network packets. - CVE-2025-21381, CVE-2025-21386, CVE-2025-21387: Multiple vulnerabilities in Microsoft Excel enabling code execution through specially crafted files. - CVE-2025-21406, CVE-2025-21407: Vulnerabilities in Windows Telephony Service allowing remote code execution. Two vulnerabilities confirmed as actively exploited: - CVE-2023-24932: Bypass of Secure Boot protections. - CVE-2025-21391: Elevated privileges on affected systems. - CVE-2025-21418: Gain SYSTEM privileges through exploitation. Other notable fixes include vulnerabilities in Visual Studio and Microsoft Office that could lead to remote code execution. Users can apply updates via Windows Update, Microsoft Update Catalog, or WSUS. Microsoft emphasizes the urgency of these updates due to the active exploitation of certain vulnerabilities.

Winsage

February 11, 2025

Zero Day Initiative — The February 2025 Security Update Review

Adobe released seven bulletins in February 2025, addressing 45 CVEs across products such as InDesign, Commerce, Substance 3D Stager, InCopy, Illustrator, Substance 3D Designer, and Photoshop Elements. The updates include: - InDesign: Seven bugs fixed, four rated Critical. - Illustrator: Three critical bugs allowing arbitrary code execution when opening malicious files. - Substance 3D Stager: One DoS bug fixed. - InCopy: One critical-rated code execution vulnerability patched. - Substance 3D Designer: One critical-rated code execution vulnerability patched. - Photoshop Elements: One important-rated privilege escalation vulnerability addressed. None of the patched vulnerabilities were publicly known or under active attack at the time of release. Microsoft released patches for 57 new CVEs affecting Windows, Office, Azure, Visual Studio, and Remote Desktop Services, totaling 67 CVEs including third-party submissions. The severity ratings are: - 3 rated Critical - 53 rated Important - 1 rated Moderate Two vulnerabilities are publicly known, and two are under active attack. Notable vulnerabilities include: - CVE-2025-21391: Windows Storage Elevation of Privilege Vulnerability allowing file deletion and privilege escalation. - CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability requiring authenticated user interaction. - CVE-2025-21376: Windows LDAP Remote Code Execution Vulnerability allowing unauthenticated remote code execution. - CVE-2025-21387: Microsoft Excel Remote Code Execution Vulnerability exploitable through the Preview Pane requiring user interaction.

Winsage

December 10, 2024

Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws

A compilation of vulnerabilities in various Microsoft products has been released, highlighting critical issues that require immediate attention. Key vulnerabilities include: - Microsoft/Muzic Remote Code Execution Vulnerability (CVE-2024-49063) - classified as important. - Microsoft Defender for Endpoint on Android Spoofing Vulnerability (CVE-2024-49057) - rated important. - Microsoft Edge vulnerabilities: - Type Confusion in V8 (CVE-2024-12053) - severity unknown. - Spoofing vulnerability (CVE-2024-49041) - rated moderate. - Microsoft Office vulnerabilities: - Elevation of Privilege Vulnerability (CVE-2024-49059) - rated important. - Elevation of Privilege Vulnerability (CVE-2024-43600) - rated important. - Remote Code Execution Vulnerability in Microsoft Access (CVE-2024-49142) - rated important. - Critical vulnerabilities in Microsoft Excel (CVE-2024-49069) and Publisher (CVE-2024-49079). - SharePoint vulnerabilities: - Information disclosure (CVE-2024-49064, CVE-2024-49062) - rated important. - Elevation of privilege (CVE-2024-49068) - rated important. - Remote code execution (CVE-2024-49070) - rated critical. Critical vulnerabilities in Windows services include: - Windows Hyper-V Remote Code Execution Vulnerability (CVE-2024-49117) - rated critical. - Windows Remote Desktop Services vulnerabilities (CVE-2024-49132, CVE-2024-49115, CVE-2024-49116) - all rated critical. - Windows Lightweight Directory Access Protocol vulnerabilities (CVE-2024-49124, CVE-2024-49112, CVE-2024-49127) - rated critical. - Windows Message Queuing (MSMQ) vulnerabilities (CVE-2024-49118, CVE-2024-49122) - rated critical.

Winsage

November 12, 2024

Watch out, that Excel document could be infected with dangerous malware

A new phishing campaign is using an Excel file to distribute a fileless version of the Remcos Remote Access Trojan (RAT). Researchers from Fortinet found that attackers are sending purchase order emails with an Excel attachment that exploits a remote code execution vulnerability in Office (CVE-2017-0199). Activating the file downloads an HTML Application (HTA) file from a remote server, which is launched via mshta.exe.malware. Remcos can log keystrokes, capture screenshots, and execute commands on compromised systems. This variant operates without leaving traditional file traces, making detection more difficult. Email phishing is a common method for cybercriminals to infect devices and steal sensitive information. Users are advised to be cautious with emails and attachments.

Winsage

October 22, 2024

Excel enters its 40th year

Microsoft Excel was launched on September 30, 1985, initially as a Mac application before transitioning to Windows in 1987. It was the default spreadsheet application for Microsoft Windows, which was released later that year. Excel transformed the spreadsheet landscape, building on earlier software like VisiCalc and Lotus 1-2-3. It gained popularity due to its user-friendly interface and intuitive design, leading to its dominance in the market. Over time, IBM discontinued its Smartsuite, which included the last version of Lotus 1-2-3 for Windows, while Excel continued to evolve and remain a powerful tool in the business world.