News Stay informed about the latest enterprise technology news and product updates.

Microsoft to issue critical fixes for Office, Excel and Outlook

Microsoft released its advance notice, announcing upcoming fixes for critical security holes in Office and Office Web components.

Microsoft customers will get patches to repair critical security holes in Office and Office Web components.

February Microsoft updates:
Install Microsoft Office and IE patches first, experts say: After digesting 11 security updates Microsoft released Tuesday, security experts urged IT shops to act first on the patches for critical Office and IE flaws.    

Inside MSRC: Microsoft outlines Internet Explorer flaws
: Microsoft's Bill Sisk explains the Internet Explorer critical flaws being addressed in this month's batch of security updates.

In the monthly Patch Tuesday preview on its TechNet site, the software giant said it would release four critical fixes affecting Office 2000, Office Excel 2000 and Outlook.

Microsoft said the patches were rated critical since an attacker could successfully exploit the vulnerabilities remotely and execute code.

The company will also update its malicious software removal tool and offer a Webcast so customers can ask questions or air concerns.

Last month, vulnerability management experts said IT administrators should place the highest urgency on patches for Microsoft Office and Internet Explorer, given the wide attack surface those programs provide.

Microsoft released 11 security updates in February, six of them for critical flaws attackers could exploit to take complete control of targeted machines. Six of the security updates fixed critical vulnerabilities in Windows, Office, Visual Basic and Internet Explorer:

In his monthly security column, Bill Sisk, the response communication manager for the Microsoft Security Response Center (MSRC), explained why some fixes that repaired potential remote code execution vulnerabilities, were not rated critical. In February, five of the security updates were rated "important" to repair flaws in Windows, Office and Microsoft Works.

"When they are rated as Important, there are mitigating circumstances that lower the threat. For example, a particular technology that is affected may not be enabled or installed on the system by default," Sisk said.

In February a flaw in Windows Server 2003 was rated lower than other versions of the product because the vulnerable service may be turned off by default, Sisk said. "Also, Windows Server 2003 runs in a restricted mode, which is known as Enhanced Security Configuration and can lower the severity."

Dig Deeper on Microsoft Windows security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.