News Stay informed about the latest enterprise technology news and product updates.

Spate of vulnerabilities affect Microsoft business apps

Microsoft released several new security alerts and patches on Wednesday that address vulnerabilities in its desktop and business applications.

Microsoft isn't getting off on the right foot in September, releasing a rash of vulnerability advisories and numerous patches Wednesday for many popular versions of desktop and business applications.

The most critical vulnerability is titled "Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution" (MS 03037). Microsoft provided few details about the actual vulnerability, but says the flaw is dangerous and users of affected software should apply patches immediate.

Affected software includes Access (97/2000/2002), Excel (97/2000/2002), PowerPoint (97/2000/2002), Project (2000/2002), Publisher 2002, Visio (2000/2002), Word (97/98(J)/2000/2002), Works Suite (2001/2002/2003) and several versions of Microsoft Business solutions. Microsoft cautions users to check the patch before installing, since there are different patches for each application.

Also affecting popular word processing applications are two important vulnerability advisories: "Flaw in Word Could Enable Macros to Run Automatically" (MS 03035) and "Buffer Overrun in WordPerfect Converter Could Allow Code Execution" (MS 03036).

Microsoft is advising users to patch affected software immediately to prevent exploitation of a macro virus targeting vulnerable versions of the popular word processor. Affected versions include: Word 97/98(J)/2000/2002 and Works Suite 2001/2002/2003.

The WordPerfect converter flaw is equally important, since it could allow an attacker to run code on a target system. Affected software includes Office (97/2000/XP), Word 98(J), FrontPage 2002, Publisher 2000 and Works Suite (2001/2002/2003).

A second buffer overflow vulnerability is affecting version of the Access database solution. "Unchecked Buffer Overflow in Microsoft Access Snapshot Viewer Could Allow Code Execution" (MS 03038) is rated as a moderate vulnerability that affects Access (97/2002/2002) and the downloadable Access Snapshot Viewer. A patch is available.

Microsoft's operating system didn't escape this round of security problems. "Flaw in NetBIOS Could Lead to Information Disclosure" (MS 03034) is rated as a low priority, but it could cause some serious security problems.

Under certain conditions, a NetBT query used to pass datagrams between networked devices will return not only machine address information, but pieces of data from the target machine's memory. The data leakage is completely random, but an attacker could use a series of queries to capture critical information. A patch is available, but Microsoft also recommends closing port 137 to prevent exploitation from the Internet.

FOR MORE INFORMATION: news exclusive: "New critical holes in Windows detailed" Ask the Experts

Microsoft security bulletin MS03-034

Microsoft security bulletin MS03-035

Microsoft security bulletin MS03-036

Microsoft security bulletin MS03-037

Microsoft security bulletin MS03-038

Dig Deeper on Microsoft Windows security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.