{"id":233679,"date":"2026-04-15T07:46:00","date_gmt":"2026-04-15T11:46:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/15\/ancient-excel-bug-comes-out-of-retirement-for-active-attacks-the-register\/"},"modified":"2026-04-20T23:35:13","modified_gmt":"2026-04-21T03:35:13","slug":"ancient-excel-bug-comes-out-of-retirement-for-active-attacks-the-register","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/15\/ancient-excel-bug-comes-out-of-retirement-for-active-attacks-the-register\/","title":{"rendered":"Ancient Excel bug comes out of retirement for active attacks \u2022 The Register"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/2026\/04\/15\/excel_exploit\/\">Ancient Excel bug comes out of retirement for active attacks \u2022 The Register<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/04\/15\/excel_exploit\/\">https:\/\/www.theregister.com\/2026\/04\/15\/excel_exploit\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-15 07:46:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p>While Microsoft was rolling out its bumper Patch Tuesday updates this week, US cybersecurity agency CISA was readying an alert about a 17-year-old critical Excel flaw now under exploit.<\/p>\n<p>CISA confirmed shortly after Microsoft rolled out 165 patches on April 14 that CVE-2009-0238 (9.3), first published on February 24, 2009, was being abused in active attacks.<\/p>\n<p>It added the bug to its Known Exploited Vulnerability (KEV) catalog and set a two-week deadline for federal civilian executive branch (FCEB) agencies to patch \u2013 one week less than they usually get.<\/p>\n<p>CISA did not reveal much about how the Excel vulnerability is being exploited, nor by whom or for what purpose, as is often the case with its KEV publications.<\/p>\n<p>However, its description of CVE-2009-0238 is unchanged from Microsoft&#8217;s initial advisory. We know that it&#8217;s a remote code execution (RCE) issue that attackers can trigger by convincing victims to open a specially crafted Excel document that &#8220;includes a malformed object.&#8221;<\/p>\n<p>Microsoft notified the community and issued a fix for CVE-2009-0238 when it was first discovered being exploited by Trojan.Mdropper.AC, a loader used to deliver other malware in follow-on attacks.<\/p>\n<p>It affects the following versions:<\/p>\n<ul>\n<li>Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1<\/li>\n<li>Excel Viewer 2003 Gold and SP3<\/li>\n<li>Excel Viewer<\/li>\n<li>Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1<\/li>\n<li>Excel in Microsoft Office 2004 and 2008 for Mac<\/li>\n<\/ul>\n<p>&#8220;An attacker who successfully exploited these vulnerabilities could take complete control of an affected system,&#8221; Microsoft said in an advisory at the time of its initial disclosure in 2009.<\/p>\n<p>&#8220;An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/04\/15\/excel_exploit\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ancient Excel bug comes out of retirement for active attacks \u2022 The Register https:\/\/www.theregister.com\/2026\/04\/15\/excel_exploit\/ Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":233680,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/regmedia.co.uk\/2022\/01\/20\/excel.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,32,27],"class_list":["post-233679","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233679"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=233679"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233679\/revisions"}],"predecessor-version":[{"id":233681,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233679\/revisions\/233681"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/233680"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=233679"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=233679"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=233679"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}