Flaw in New Microsoft Office Security

According to news by Computerweekly on June 14, 2007, on June 13, 2007, Symantec has cautioned of a new security threat with vulnerability code for MS Office just after a day when Microsoft corrected 15 security holes across its product base.

The update released by Microsoft on June 12, 2007 was to correct vulnerability in Microsoft's Visio software and Office. This flaw could let the hackers to control an infected PC remotely. There is another flaw in Microsoft Windows that could lead to information exposure and will be solved by update in next week.

According to news by Informationweek on June 12, 2007, Symantec Security Response ranked the flaws in Cumulative Security Update for IE (Internet Explorer) as the most serious because two out of five flaws given in this security bulletin attack IE 7.0 on Windows Vista.

May be hackers will misuse it through IE to run malevolent codes or cause DoS (Denial of Service) on targeted systems. Microsoft has reported that it is looking through the matter and will surely come up with the solution of the flaw.

Computerweekly published news on June 14, 2007 reporting Symantec saying that the problem arises when a large amount of data is transferred to the ActiveX control. Hackers use this device cautiously and install arbitrary code in the name of application using the ActiveX control (purely Internet Explorer). The failed exploits likely result in DoS condition.

Microsoft has offered the users two months duration for testing the application compatibility. It is also planning to bring in market a non-security update for Microsoft Windows and two updates for Windows Server. Though all the updates are termed as 'high priority', but the officials of Microsoft did not provide further information on it.

Security Program Manager for Microsoft Security Response Centre (MSRC), Mark Griesi, confirmed in an email that Microsoft is working for the solution of the new vulnerability report.

According to the news by Computerweekly on June 14, 2007, Mark said that Microsoft is examining the public claims of a flaw in MS Office. He also added that they did not have any information regarding the use of claimed vulnerability or of the impact on customer. He also reported that the officials would take serious actions for the protection of users against hackers.

This new flaw report also follows the latest trend where new flaws were revealed immediately after Microsoft released monthly patches on June 12, 2007.

Related article: Flaw For PayPal Website, Opportunity For Fraudsters

» SPAMfighter News - 6/30/2007