Microsoft has described one of the vulnerabilities as critical.
As part of its monthly patch distribution, Microsoft has issued
two new security updates, one of which is categorized as critical.
The most serious vulnerability affects versions of Microsoft Office
(both on Windows and Apple Macintosh computers) and, if left
unpatched, could allow hackers to run malicious code on unprotected
computers.
The more serious vulnerability (MS06-012 - Vulnerabilities in
Microsoft Office Could Allow Remote Code Execution) affects
Microsoft Office (2000, XP, 2003, X for Mac, 2004 for Mac), Word
(2000, 2002), Excel (2000, 2002, 2003, 2003 Viewer, X for Mac, 2004
for Mac), Outlook (2000, 2002), PowerPoint (2000, 2002) and Works
Suite (2000 onwards).
Standalone versions of Microsoft Excel Viewer (2000, 2002), Word
2003, Outlook 2003 and PowerPoint 2003 are said not to be
affected.
"Every month Microsoft releases security patches for its
software - and it's often a race against time for companies to roll
these patches out across their business before a hacker takes
advantage of the vulnerability," said Graham Cluley, senior
technology consultant at Sophos. "A security hole which allows
hackers with malicious intentions to run code on Windows or Apple
Mac computers is very serious, and all affected users should ensure
they have defended their systems."
The other vulnerability announced by Microsoft affects systems
running Windows XP SP1 and Windows Server 2003, and can cause a
privilege escalation, allowing a user with an existing login
account that is configured with limited privileges to gain full
control over a system.
Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for
critical Microsoft security vulnerabilities.
Sophos suggests that every IT manager responsible for security
should consider subscribing to vulnerability mailing lists such as
that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos continues to recommend companies protect their desktops
and servers with automatically updated
anti-virus protection.