Microsoft patches seven holes
Published: 15 Mar 2006 09:45 GMT
As part of its monthly patch cycle, Microsoft on Tuesday released fixes for six security holes in Office and one flaw in Windows.
Five of the six vulnerabilities in Office are specific to Excel. The most serious flaws could allow an attacker to gain control over a vulnerable PC running the application, Microsoft said in Security Bulletin MS06-012. In all cases, the miscreant would have to persuade the user to open a malformed Excel file, the software maker said.
The sixth problem affects a range of Office applications, including some versions of Word, Outlook and PowerPoint. Microsoft deems the Office security issues "critical". "We recommend that customers apply the update immediately," the company said in its bulletin.
Microsoft's second update deals with an operating system issue that affects Windows XP with Service Pack 1 and Windows Server 2003. The vulnerability could enable someone who already has limited user privileges on a vulnerable computer to gain admin rights, Microsoft said in Security Bulletin MS06-011.
The Windows flaw and two of the Excel vulnerabilities had been previously disclosed, Microsoft said. However, the company added that it has not seen any attacks that take advantage of the holes.
Full Talkback thread
1 comment












