Press Releases

Browse our press release archive

15 Mar 2006

Companies urged to patch as Microsoft issues fixes for Office and Windows

Users of Microsoft Office for both Windows and Macintosh should ensure they are protected

Microsoft has described one of the vulnerabilities as critical
Microsoft has described one of the vulnerabilities as critical.

As part of its monthly patch distribution, Microsoft has issued two new security updates, one of which is categorized as critical. The most serious vulnerability affects versions of Microsoft Office (both on Windows and Apple Macintosh computers) and, if left unpatched, could allow hackers to run malicious code on unprotected computers.

The more serious vulnerability (MS06-012 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution) affects Microsoft Office (2000, XP, 2003, X for Mac, 2004 for Mac), Word (2000, 2002), Excel (2000, 2002, 2003, 2003 Viewer, X for Mac, 2004 for Mac), Outlook (2000, 2002), PowerPoint (2000, 2002), Works Suite (2000 onwards).

Standalone versions of Microsoft Excel Viewer (2000, 2002), Word 2003, Outlook 2003 and PowerPoint 2003 are said not to be affected.

"Every month Microsoft releases security patches for its software - and it's often a race against time for companies to roll these patches out across their business before a hacker takes advantage of the vulnerability," said Graham Cluley, senior technology consultant at Sophos. "A security hole which allows hackers with malicious intentions to run code on Windows or Apple Mac computers is very serious, and all affected users should ensure they have defended their systems."

The other vulnerability announced by Microsoft affects systems running Windows XP SP1 and Windows Server 2003, and can cause a privilege escalation, allowing a user with an existing login account that is configured with limited privileges to gain full control over a system.

Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for critical Microsoft security vulnerabilities.

Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.

Sophos continues to recommend companies protect their desktops and servers with automatically updated anti-virus protection.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.