Microsoft Patches 8 Vulnerabilities with 2 Updates
On March 9, 2010, software giant 'Microsoft' issued twin security bulletins that take care of eight security flaws in its Office and Windows products. The company, which rated both the bulletins as "important," said that the security updates dealt with problems that relied on Web-users clicking a maliciously designed file. Attack vectors based on networks were absent.
The reports state that the first patch plugs a single loophole in Windows Movie Maker that could enable a remote attacker executes malware on a vulnerable system. But for that, the attacker should craft a malevolent Producer Media or Movie Maker file and transmit it to the victim's PC through an e-mail. This will infect that PC with malware as the user clicks on the file.
Jerry Bryant, Senior Security Communications Manager at Microsoft, states that both Windows Vista version 6.0 and Windows XP version 2.1 are vulnerable. Version 2.6 is also flawed, but can be downloaded or installed for free from its website, as reported by CNet News on March 9, 2010.
Bryant further adds that consumers who download version 2.6 on Windows 7 or other supported platforms can use the patch.
Moreover, the second patch addresses 7 vulnerabilities in all Excel versions of Office 2008, Office 2004 running on Mac; Mac's XML File Format Converter; Excel Viewer's supported versions; and SharePoint 2007. By exploiting the vulnerabilities, hackers can execute malware attacks provided a victim can be made to view a contaminated Excel file.
Explaining the flaws' criticality, Microsoft's specialists stated that despite the "important" rating given to the bulletins based on the Microsoft Exploitability Index, they were rated 1. This implied that the attackers would find the vulnerabilities attractive targets and therefore would continuously exploit them.
In the security update, Microsoft also included its Producer 2003 into the list of vulnerable products, but missed out updating it. Consequently, Producer 2003 is described as a free downloadable file, yet one with restricted distribution. Nevertheless, Microsoft advised consumers to remove the software, or keep the related type of project file off the software with the help of Microsoft-Fix-It as defense against a possible attack.
Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails
» SPAMfighter News - 16-03-2010