ElectricNews.net:News:Security flaws in Office are exposed

ADS & MARKETING

APPOINTMENTS

BUSINESS

E-COMMERCE

E-GOVERNMENT

FACE TO FACE

FRIDAY IN FOCUS

HOME & GADGETS

INTERNET & TELECOMS

INVESTMENT

MARKETS

OPINION

ROUNDUPS

SECURITY

WIRELESS

CORRECTIONS

Let us know how to make ENN better!
Take our reader's survey.

UTV Internet - all Ireland flat rate internet access

Who Wants Broadband?
Ireland still offers relatively little in the way of affordable, high-speed, always-on Internet access. But recent surveys suggest Ireland's population may not be clamouring for broadband.

::SECURITY

Security flaws in Office are exposed
Friday, August 23 2002
by Matthew Clark

Send story to a friend

Print this story

Microsoft has said that newly discovered flaws in its Office software products could put users at risk of serious computer attacks.

According to the company's "critical" security bulletin, flaws in its Office software, in combination with flaws in its Internet Explorer Web browser, could give malicious attackers the ability to view or alter Office files, or even wipe out users' hard drives altogether.

"This vulnerability could enable an attacker to run arbitrary commands on another user's system. By doing so, the attacker would be able to take any action that a user could take, including but not limited to loading and running programs, altering data on the system, reformatting the hard drive, or changing the security settings," Microsoft said.

The Office-related programs vulnerable to attacks include Microsoft Office 2000, Office XP, Money 2002, Money 2003 and Project 2002, as well as server software related to such client software, Microsoft added.

The company also said these kinds of attacks could be performed either through Web pages or through e-mail. Since over 100 million people use Office globally, the risk of attack is thought to be significant. More information and a patch for this flaw can be found on the Microsoft Web site.

Also this week, Microsoft revealed vulnerabilities in the three latest versions of its Internet Explorer browser software that could let attackers read files. These bugs can also be fixed by downloading software patches from Microsoft's TechNet Web site.

These newest flaws follow revelations just last week regarding security gaps in Internet Explorer and a complementary encryption program, which security experts said could expose credit card and other sensitive information to would-be attackers. With these most recent warnings, the company has now admitted to around 30 vulnerabilities in its software this year.

Meanwhile, Microsoft, often criticised for what technical experts consider to be a lack of adequate security in its products, is in the midst of convincing users that security its one of its top concerns. Earlier in 2002, the business launched a "trustworthy computing" campaign, which has cost an estimated USD100 million so far this year.

:: Discuss this story - Click here

:: MORE NEWS from SECURITY

Read a roundup of the top tech stories with our Weekly Digest .

Search Jobs on ENN
Post your CV
Hiring? Use 'Post a Job'