Spate of vulnerabilities affect Microsoft business apps

Lawrence M. Walsh, Information Security Magazine Managing Editor

Microsoft isn't getting off on the right foot in September, releasing a rash of vulnerability advisories and numerous patches Wednesday for many popular versions of desktop and business applications.

The most critical vulnerability is titled "Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution" (MS 03037). Microsoft provided few details about the actual vulnerability, but says the flaw is dangerous and users of affected software should apply patches immediately.

Affected software includes Access (97/2000/2002), Excel (97/2000/2002), PowerPoint (97/2000/2002), Project (2000/2002), Publisher 2002, Visio (2000/2002), Word (97/98(J)/2000/2002), Works Suite (2001/2002/2003) and several versions of Microsoft Business solutions. Microsoft cautions users to check the patch before installing, since there are different patches for each application.

Also affecting popular word processing applications are two important vulnerability advisories: "Flaw in Word Could Enable Macros to Run Automatically" (MS 03035) and "Buffer Overrun in WordPerfect Converter Could Allow Code Execution" (MS 03036).

Microsoft is advising users to patch affected software immediately to prevent exploitation of a macro virus targeting vulnerable versions of the popular word processor. Affected versions include: Word 97/98(J)/2000/2002 and Works Suite 2001/2002/2003.

The WordPerfect converter flaw is equally important, since it could allow an attacker to run code on a target system. Affected software includes Office (97/2000/XP), Word 98(J), FrontPage 2002, Publisher 2000 and Works Suite (2001/2002/2003).

A second buffer overflow vulnerability affects versions of the Access database solution. "Unchecked Buffer Overflow in Microsoft Access Snapshot Viewer Could Allow Code Execution" (MS 03038) is rated as a moderate vulnerability that affects Access (97/2002/2002) and the downloadable Access Snapshot Viewer. A patch is available.

Microsoft's operating system didn't escape this round of security problems. "Flaw in NetBIOS Could Lead to Information Disclosure" (MS 03034) is rated as a low priority, but it could cause some serious security problems.

Under certain conditions, a NetBT query used to pass datagrams between networked devices will return not only machine address information, but pieces of data from the target machine's memory. The data leakage is completely random, but an attacker could use a series of queries to capture critical information. A patch is available, but Microsoft also recommends closing port 137 to prevent exploitation from the Internet.

FOR MORE INFORMATION:

SearchSecurity.com news exclusive: "New critical holes in Windows detailed"

SearchSecurity.com Ask the Experts

Microsoft security bulletin MS03-034

Microsoft security bulletin MS03-035

Microsoft security bulletin MS03-036

Microsoft security bulletin MS03-037

Microsoft security bulletin MS03-038

