Microsoft to issue critical fixes for Office, Excel and Outlook |
 |
By SearchSecurity.com Staff
06 Mar 2008 | SearchSecurity.com |
|
|
Microsoft customers will get patches to repair critical security holes in Office and Office Web components.
In the monthly Patch Tuesday preview on its TechNet site, the software giant said it would release four critical fixes affecting Office 2000, Office Excel 2000 and Outlook.
Microsoft said the patches were rated critical since an attacker could successfully exploit the vulnerabilities remotely and execute code.
The company will also update its malicious software removal tool and offer a Webcast so customers can ask questions or air concerns.
Last month, vulnerability management experts said IT administrators should place the highest urgency on patches for Microsoft Office and Internet Explorer, given the wide attack surface those programs provide.
Microsoft released 11 security updates in February, six of them for critical flaws attackers could exploit to take complete control of targeted machines. Six of the security updates fixed critical vulnerabilities in Windows, Office, Visual Basic and Internet Explorer:
In his monthly security column, Bill Sisk, the response communication manager for the Microsoft Security Response Center (MSRC), explained why some fixes that repaired potential remote code execution vulnerabilities, were not rated critical. In February, five of the security updates were rated "important" to repair flaws in Windows, Office and Microsoft Works.
"When they are rated as Important, there are mitigating circumstances that lower the threat. For example, a particular technology that is affected may not be enabled or installed on the system by default," Sisk said.
In February a flaw in Windows Server 2003 was rated lower than other versions of the product because the vulnerable service may be turned off by default, Sisk said. "Also, Windows Server 2003 runs in a restricted mode, which is known as Enhanced Security Configuration and can lower the severity."
|
