Microsoft has described one of the vulnerabilities as critical.
As part of its monthly patch distribution, Microsoft has issued two new security updates, one of which is categorized as critical. The most serious vulnerability affects versions of Microsoft Office (both on Windows and Apple Macintosh computers) and, if left unpatched, could allow hackers to run malicious code on unprotected computers.
The more serious vulnerability (MS06-012 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution) affects Microsoft Office (2000, XP, 2003, X for Mac, 2004 for Mac), Word (2000, 2002), Excel (2000, 2002, 2003, 2003 Viewer, X for Mac, 2004 for Mac), Outlook (2000, 2002), PowerPoint (2000, 2002) and Works Suite (2000 onwards).
Standalone versions of Microsoft Excel Viewer (2000, 2002), Word 2003, Outlook 2003 and PowerPoint 2003 are said not to be affected.
"Every month Microsoft releases security patches for its software - and it's often a race against time for companies to roll these patches out across their business before a hacker takes advantage of the vulnerability," said Graham Cluley, senior technology consultant at Sophos. "A security hole which allows hackers with malicious intentions to run code on Windows or Apple Mac computers is very serious, and all affected users should ensure they have defended their systems."
The other vulnerability announced by Microsoft affects systems running Windows XP SP1 and Windows Server 2003 and can lead to privilege escalation, allowing a user who already has a login account configured with limited privileges to gain full control over a system.
Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for critical Microsoft security vulnerabilities.
Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos continues to recommend companies protect their desktops and servers with automatically updated anti-virus protection.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.