Microsoft has rated the security bulletins as 'critical'.
Experts at Sophos have advised Windows and Apple Mac users to
take heed of a warning issued by Microsoft of critical security
flaws in its Microsoft Office products.
As part of its monthly "Patch Tuesday" schedule Microsoft has
issued a number of bulletins about 12 security vulnerabilities in
its software. Seven of the vulnerabilities affect Microsoft Excel,
and could allow a hacker to gain remote control over a user's
computer by a maliciously crafted spreadsheet. Alarmingly, the
vulnerability is not just found in the Windows version of Microsoft
Excel, but also for Mac Office 2004 and the recently released
Office 2008 for Macintosh.
Sophos experts note that the Excel flaws were discovered in
January, and recommends that organizations roll-out the patches as
a matter of urgency, as some of them could enable hackers to access
data on a vulnerable PC or Macintosh, or run malicious code such as
"Windows users may be fairly accustomed to installing patches
from Microsoft - but this a timely reminder that Apple Mac users
need to be just as diligent when it comes to matters of computer
security," said Graham
Cluley, senior technology consultant at Sophos. "Whether you
run a PC or a Mac it's important to take these latest security
bulletins from Microsoft seriously and ensure that your business is
Other flaws detailed in the Microsoft security bulletins affect
other components of the Microsoft Office product suite.
Home users of Microsoft Windows can visit update.microsoft.com to have
their systems scanned for Microsoft security vulnerabilities.
Sophos suggests that every IT manager responsible for security
should consider subscribing to vulnerability mailing lists such as
that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos continues to recommend companies protect their desktops
and servers with automatically updated
protection against viruses, spyware, hackers, and spam.