ITPRO

Printed from www.itpro.co.uk

    Microsoft target Office with Patch Tuesday blitz

The software vendor's monthly round of software updates places hackers' attentions firmly on its productivity suite, including an Excel exploit that's been in the wild for weeks.

By Miya Knights, 12 Mar 2008 at 12:32

Microsoft's monthly patching update was released late yesterday, addressing 12 vulnerabilities in Office along with four critical updates.

Security experts said this is the first time they can recall the software vendor releasing Patch Tuesday updates exclusively for Office. Alan Bentley, regional vice president of security vendor Lumension, said: "As all four of the patches affect Microsoft Office, these patches cannot be ignored or delayed. The broad install base of Office makes its vulnerabilities an enticing target for hackers and cyber criminals."

Microsoft said hackers could use the flaws identified in March's patch update to gain control of an unprotected PC's systems. The affected Office components include Outlook, Office 2000 and Office's web components, and the update also covers an Excel flaw that has been a target of hackers for some two months already.

Update MS08-014 fixes the publicly disclosed zero-day flaw in the spreadsheet application, which is exploited by enticing users to click on malicious Excel files in order to infect PCs with spyware and rootkits. Versions 2000, 2002 and 2003 and Service Pack 2 of Excel are affected, Microsoft said, although it added that Excel 2007 and Excel 2003 Service Pack 3 were not at risk.

But Bentley singled out the MS08-015 patch, which addresses a flaw that could be used to trick a victim into clicking on a specially crafted "mailto" link, allowing an attacker to potentially "install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft said in the patch notice.

This kind of attack exploits flaws in the mail client's handling of Uniform Resource Identifiers (URIs) and has been observed in use in the wild for the past year.

"Microsoft Outlook is the dominant email client in use today and email is also one of the most common attack vehicles used by hackers against organisations," added Bentley. "This makes MS08-015, a critical remote-code-execution vulnerability that affects virtually all versions of Outlook, the biggest priority for IT administrators this Patch Tuesday. This vulnerability affects all versions of Outlook, including Outlook 2007 running on Windows XP and Vista."

The other two updates address critical vulnerabilities in Office and its ActiveX control web components used not only in the productivity suite, but also in Microsoft's BizTalk Server, Commerce Server, and the Internet Security and Acceleration (ISA) Server.
