SECURITY
Patch Tuesday focuses on Office
12-03-2008
by Ciara O'Brien
It was a Patch Tuesday to remember for Microsoft users, with the software giant releasing four software updates in its monthly security bulletin, each rated critical.
This time around, Office was the dubious star of the show, with all 12 vulnerabilities found in Microsoft's productivity suite of software. One of the updates fixed a flaw in Excel that malicious users have been targeting for two months. The bug affects those using Excel 2000, 2002 and 2003, and Service Pack 2. Excel 2007 and 2003 Service Pack 3 are not affected by the vulnerability.
"This security update resolves several privately-reported and publicly-reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially-crafted Excel file," Microsoft said in its security bulletin.
"An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
Critical patches for Outlook, Office 2000 and web components of Office were also included in the security bulletin. The Outlook vulnerability could allow remote code execution through a "mailto" web link, allowing malicious users to take control of a PC and install unauthorised software, create new user accounts and change or delete data.
Serious vulnerabilities in Office and in the Office Web Components controls used by products such as BizTalk Server, Office, Commerce Server, and the Internet Security and Acceleration (ISA) Server were also fixed in the monthly update.
"One of the big challenges facing Microsoft and end users is that as they focus more effort into making the operating systems secure, malware authors will move into another area to find vulnerabilities," said Conor Flynn, technical services director at security firm Rits, speaking with ENN. "There will be more and more exploits developed at the application layer than at the OS layer."
The latest update comes a month after the tech giant released six critical patches for its software. This latest batch, though hefty, doesn't even come close to the bumper crop of patches released during 2007, however. Security bulletins hit highs of 20 vulnerabilities and 12 patches in February, and 14 flaws in August fixed by nine patches. Eight of the August security holes were rated as "critical".

