- Bank Web sites full of security holes
- SCO Group: Its future is all used up
- Maligned feature being added to IPv6
- I returned my iPhone 3G after six days!
- VPNs: Six burning questions
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
With online attackers taking advantage of holes in its Office software, Microsoft plans to release seven software patches next week.
Four of the updates will fix bugs in Windows, while another three will address flaws in Microsoft Office, Microsoft said Thursday in a bulletin on its Web site. Both sets of patches will address critical flaws, which attackers could exploit to run unauthorized code on a PC without any user action.
The patches will be released on July 11 as part of Microsoft's regularly scheduled monthly security updates. Microsoft's advance note on the updates can be found here.
The new software will likely fix a number of publicly reported vulnerabilities in Office, some of which concern Excel, said Gunter Ollmann, director of Internet Security Systems' X-Force threat analysis service.
Last month, Microsoft confirmed that it was investigating three issues that relate to Office, following reports that hackers had launched a targeted attack, against an unnamed government contractor, that took advantage of a bug in its Excel spreadsheet software.
Two of the bugs could be used to compromise a PC, but they would first require user action like opening a malicious document and clicking on hyperlinks. The third appears to be less critical, but it could be used to run an unauthorized ActiveX control, Microsoft said.
On Thursday another bug was added to the mix with security vendor Secunia warning of a flaw affecting Asian language versions of Excel. As with the other bugs, victims would need to be tricked into doing a little work before compromising their systems, but if this were to happen, attackers could run their malicious software on the PC, Secunia said.
More details on this latest flaw can be found here.
The seven patches may keep system administrators busy next week, but not as busy as they were in June. Last month Microsoft released 12 security updates.
Rss FeedRss Feed
If the IT manager is knowledgeable regarding Cisco technology, he would have 2 options. Option 1 - Consult...- Anonymous
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment