Patch Tuesday Plugs 12 Holes in Microsoft Office
On Patch Tuesday, Microsoft fixed 12 vulnerabilities in four protection bulletins. Every one of them fixes bugs in Microsoft Office.
Included is a fix for the zero-day remote-code vulnerability in Excel. The exploit was made public in January and is corrected by the MS08-014 patch that addresses seven vulnerabilities in Excel. The other patches, MS08-015, MS08-016 and MS08-017, address issues in Outlook, Office and Office Web Components, respectively.
All the safety measure bulletins are serious, but the Office Web Components patch stands out considering these ActiveX components are widely distributed and relatively easy to exploit, according to Ben Greenbaum, senior research manager for Symantec shield Response. Symantec has observed attackers continuing to target Web plug-ins to quickly and quietly install malicious cipher.
“While browser plug-ins of all kinds represent an increasingly appealing vector for attackers, the safety measure of other nonnetwork-facing applications is still a relevant issue as well,” Greenbaum said. “With seven vulnerabilities being addressed in the
Don’t Delay
considering all four of the patches affect Microsoft Office, these patches cannot be ignored or delayed, urged Don Leatham, director of solutions and strategy at Lumension defense. The broad install base of Microsoft Office, he said, makes Office vulnerabilities an enticing target for hackers and cybercriminals.
“Microsoft Outlook is the dominant e-mail client in use today, and e-mail is plus one of the most common attack vehicles used by hackers against organizations,” Leatham said. “This will produce Bulletin 2, a critical, remote-code-execution vulnerability which affects virtually all versions of Outlook, the biggest priority for IT administrators. that vulnerability affects all versions of Outlook, including Outlook 2007 running on Windows XP…
Original post by Top Tech News
No comments yet. Be the first.
Leave a reply
