
Microsoft Patches Six "Critical" Office Flaws, Just One For Windows


Jack Writes: Microsoft’s Patch Tuesday has just passed, and once again, the company from Redmond has offered the image of a Microsoft Office for which the number of patched flaws and discovered vulnerabilities exceeds by far the number of non-security related upgrades.

Thus, the two patches issued by Microsoft addressed six Office flaws, dubbed “critical” by the company, and one less significant but still important Windows flaw.

As BetaNews reports, the patch dealing with the Office vulnerability contained fixes for five issues within Excel, including malformed range, file format parsing, description, graphic and record flaws. In each case, an attacker could take complete control of an affected system if the user was logged in as an administrator.

Microsoft also fixed a flaw that occurs when using a malformed routing slip within an Office document. Remote code execution as well as a complete system takeover would also be possible through this vulnerability.

The Windows patch was for a vulnerability discovered by a pair of Princeton researchers. In computers running either Windows Server 2003 without the service pack or Windows XP SP1, a privilege vulnerability exists that would allow an attacker to easily find privilege escalation vulnerabilities in third-party applications.

Proof of concept code for this flaw was released publicly one month ago, and detailed how ACLs -- short for access control lists -- could be exploited. These tables of data tell the computer what rights a user has for each system object.

However, coding errors resulted in vulnerabilities that allow these lists to be bypassed by attackers.

As it usually does, the company recommended that all its users update as soon as possible, either through Windows Update or the built-in Automatic Updates feature.

