Microsoft Patches Office, Windows Flaws

by CXOtoday Staff    Mar 16, 2006

As part of its Tuesday Patch release, Microsoft has issued its updated monthly patch cycle for Windows and Microsoft Office.

Six Office flaws - rated ‘critical’ by the Redmond company, and one less significant Windows flaw have been addressed with the patches.

This more serious Office update resolves several newly discovered, privately reported and public vulnerabilities. The vulnerability affects Office for Windows and Apple’s OS X, dealing with five issues related to Excel, which include malformed range, file format parsing, description, graphic and record flaws, which could allow an attacker to take control of a system through a specially crafted Excel readsheet. However, the user would have to manually open the file to become infected.

It affects Microsoft Office (2000, XP, 2003, X for Mac, 2004 for Mac), Word (2000, 2002), Excel (2000, 2002, 2003, 2003 Viewer, X for Mac, 2004 for Mac), Outlook (2000, 2002), PowerPoint (2000, 2002), Works Suite (2000 onwards).

The Windows flaw affects systems running Windows XP SP1 and Windows Server 2003. It could cause a privilege escalation, allowing a user with an existing login account configured with limited privileges to gain full control of a system.

Microsoft also issued a security advisory alerting users to an update to Adobe published in its Macromedia Flash Player - a software bundled with Windows.