Microsoft to issue critical fixes for Office, Excel and Outlook

By SearchSecurity.com Staff 06 Mar 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Microsoft customers will get patches to repair critical security holes in Office and Office Web components.

February Microsoft updates: Install Microsoft Office and IE patches first, experts say: After digesting 11 security updates Microsoft released Tuesday, security experts urged IT shops to act first on the patches for critical Office and IE flaws.     Inside MSRC: Microsoft outlines Internet Explorer flaws: Microsoft's Bill Sisk explains the Internet Explorer critical flaws being addressed in this month's batch of security updates.

In the monthly Patch Tuesday preview on its TechNet site, the software giant said it would release four critical fixes affecting Office 2000, Office Excel 2000 and Outlook.

Microsoft said the patches were rated critical since an attacker could successfully exploit the vulnerabilities remotely and execute code.

The company will also update its malicious software removal tool and offer a Webcast so customers can ask questions or air concerns.

Last month, vulnerability management experts said IT administrators should place the highest urgency on patches for Microsoft Office and Internet Explorer, given the wide attack surface those programs provide.

Microsoft released 11 security updates in February, six of them for critical flaws attackers could exploit to take complete control of targeted machines. Six of the security updates fixed critical vulnerabilities in Windows, Office, Visual Basic and Internet Explorer:

In his monthly security column, Bill Sisk, the response communication manager for the Microsoft Security Response Center (MSRC), explained why some fixes that repaired potential remote code execution vulnerabilities, were not rated critical. In February, five of the security updates were rated "important" to repair flaws in Windows, Office and Microsoft Works.

"When they are rated as Important, there are mitigating circumstances that lower the threat. For example, a particular technology that is affected may not be enabled or installed on the system by default," Sisk said.

In February a flaw in Windows Server 2003 was rated lower than other versions of the product because the vulnerable service may be turned off by default, Sisk said. "Also, Windows Server 2003 runs in a restricted mode, which is known as Enhanced Security Configuration and can lower the severity."

Tags: Windows Security: Alerts, Updates and Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Security: Alerts, Updates and Best Practices Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending Attackers target Microsoft IIS; new SMB flaw discovered Microsoft repairs Windows media, TCP/IP vulnerabilities Microsoft five critical updates won't include IIS

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary