Microsoft to address critical vulnerability in Office Web Components

Microsoft will issue security updates for five critical vulnerabilities next week, including one that affects multiple software packages.

Microsoft will issue five critical security bulletins in its August Patch Tuesday release, including one that affects Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server and Microsoft BizTalk Server, and another for both Windows and the Windows Client for Mac.

In its advance noticeissued Thursday, Microsoft said that the critical bulletin affecting Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server and Microsoft BizTalk Server addresses a vulnerability in Microsoft Office Web Components, first raised in security advisory 973472. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, remote code execution is possible and may not require any user intervention.

Four additional updates are rated as important, including one that affects the .NET framework.

Microsoft said that the critical updates to be issued August 11 all involve remote code execution. All the updates, except for the one affecting the .NET Framework, will require system restarts.

The Office-related bulletin may require a restart if the binaries being updated are in use, according to Microsoft security program manager Jerry Bryant. He recommended referring to Knowledge Base article 887012 to reduce the chances of requiring a restart.

The majority of the updates impact most Windows client and server operating systems. The .NET bulletin affects Microsoft Visual Studio .NET 2003 Service Pack 1.

Dig deeper on Application Attacks (Buffer Overflows, Cross-Site Scripting)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close