Patch Tuesday Plugs 12 Holes in Microsoft Office

March 12th, 2008

On Patch Tuesday, Microsoft fixed 12 vulnerabilities in four security bulletins. Every one of them fixes bugs in Microsoft Office.Included is a fix for the zero-day remote-code vulnerability in Excel. The exploit was made public in January and is corrected by the MS08-014 patch that addresses seven vulnerabilities in Excel. The other patches, MS08-015, MS08-016 and MS08-017, address issues in Outlook, Office and Office Web Components, respectively.

All the security bulletins are serious, but the Office Web Components patch stands out because these ActiveX components are widely distributed and relatively easy to exploit, according to Ben Greenbaum, senior research manager for Symantec Security Response. Symantec has observed attackers continuing to target Web plug-ins to quickly and quietly install malicious code.

“While browser plug-ins of all kinds represent an increasingly attractive vector for attackers, the security of other nonnetwork-facing applications is still a relevant issue as well,” Greenbaum said. “With seven vulnerabilities being addressed in the Microsoft Excel patch, it’s clear that users need to keep all software patched and up to date. Additionally, full-featured security software can protect users from attacks against some vulnerabilities well in advance of the availability of patches.”

Click here to read the rest of this story on Newsfactor.

Entry Filed under: Hot off the Press