A 17-year-old critical Excel vulnerability has resurfaced, with the US Cybersecurity and Infrastructure Security Agency (CISA) adding it to its list of actively exploited flaws. This ancient bug, which has been dormant for years, is now being leveraged by attackers to compromise systems. The vulnerability, affecting Microsoft Excel, was initially patched, but its reemergence highlights the ongoing risks associated with outdated software and the importance of regular patching. As CISA1 has warned, the flaw is being actively exploited, emphasizing the need for users to ensure their systems are up-to-date with the latest security patches. The fact that a vulnerability from 2009 can still be exploited today underscores the persistence of cyber threats and the need for vigilant security practices. This matters to security practitioners because it highlights the importance of maintaining a robust patch management strategy to prevent attackers from exploiting known vulnerabilities.
Ancient Excel bug comes out of retirement for active attacks
⚡ High Priority
Why This Matters
Vuln old enough to drive lands on CISA's exploited list While Microsoft was rolling out its bumper Patch Tuesday updates this week, US cybersecurity agency CISA was readying an.
References
- The Register. (2026, April 15). Ancient Excel bug comes out of retirement for active attacks. The Register. https://go.theregister.com/feed/www.theregister.com/2026/04/15/excel_exploit/
Original Source
The Register
Read original →