Microsoft issued two critical bulletins Tuesday, correcting two serious vulnerabilities in Outlook Express and Visual Basic that could be exploited remotely to gain access to sensitive data.
The software giant issued the patches as part of its regular monthly patch schedule.
MS10-031 repairs a critical vulnerability in Microsoft Visual Basic for Applications (VBA). The tool is used by developers to build third-party tools into processes that run various Microsoft Office applications. The flaw is critical for VBA SDK 6.0 and third-party applications that use Microsoft VBA.
The memory corruption vulnerability enables an attacker to execute code remotely and could result in taking full control of a victim's machine. An attacker would need to get a user to open a file that forces the application to send malicious code to VBA at runtime. Microsoft gave it an important rating for versions of Office XP, Office 2003 and Office 2007.
Patch management experts agreed that the Visual Basic vulnerability had the biggest impact, affecting all versions of Microsoft Office, although writing exploit code targeting the flaw will be difficult for attackers.
"While the bulletin only carries a severity of 'important' [for versions of Office XP, Office 2003 and Office 2007] we consider it to be the more urgent of today's release," said Wolfgang Kandek, chief technology officer of vulnerability management vendor Qualys Inc., based in Redwood Shores, Calif.
Microsoft also addressed a critical vulnerability that affects the way the Windows Mail Client authenticates mail responses. MS10-030 addresses a vulnerability in Outlook Express, Windows Mail and Windows Live Mail running on Windows 2000, XP, Vista and Windows Server 2003 and 2008. An attacker would need to trick a user into visiting a malicious email server to pull off the attack. Sending malicious code could force the mail client to not require authentication. If successfully exploited, the vulnerability could enable the attacker to gain the same user rights as the local user.
"To successfully take advantage of this vulnerability, an attacker would either have to host a malicious mail server or compromise a mail server. Or, an attacker could perform a man-in-the-middle attack and attempt to alter responses to the client," Jerry Bryant, group manager of response communications for the Microsoft Security Response Center, wrote in the MSRC blog. "Heap mitigations built into Windows Vista and newer operating systems make exploitation of this vulnerability unlikely."
Microsoft SharePoint remains vulnerable
A cross-site scripting (XSS) vulnerability affecting SharePoint Server 2007 and SharePoint Services 3.0 remains unpatched and open to remote attacks. Proof-of-concept code targeting the zero-day vulnerability is publicly available. Bryant said Microsoft engineers are still developing and thoroughly testing a fix.