Apple Mac and Windows users warned of Microsoft security vulnerabilities which could lead to hacker attack

March 12, 2008 Sophos Press Release

Microsoft has rated the security bulletins as 'critical'

Experts at Sophos have advised Windows and Apple Mac users to take heed of a warning issued by Microsoft of critical security flaws in its Microsoft Office products.

As part of its monthly "Patch Tuesday" schedule, Microsoft has issued a number of bulletins about 12 security vulnerabilities in its software. Seven of the vulnerabilities affect Microsoft Excel, and could allow a hacker to gain remote control over a user's computer through a maliciously crafted spreadsheet. Alarmingly, the vulnerability is found not just in the Windows version of Microsoft Excel, but also in Mac Office 2004 and the recently released Office 2008 for Macintosh.

Sophos experts note that the Excel flaws were discovered in January, and recommend that organizations roll out the patches as a matter of urgency, as some of them could enable hackers to access data on a vulnerable PC or Macintosh, or run malicious code such as a worm.

"Windows users may be fairly accustomed to installing patches from Microsoft - but this is a timely reminder that Apple Mac users need to be just as diligent when it comes to matters of computer security," said Graham Cluley, senior technology consultant at Sophos. "Whether you run a PC or a Mac it's important to take these latest security bulletins from Microsoft seriously and ensure that your business is properly protected."

Other flaws detailed in the Microsoft security bulletins affect other components of the Microsoft Office product suite.

Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for Microsoft security vulnerabilities.

Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.

Sophos continues to recommend companies protect their desktops and servers with automatically updated protection against viruses, spyware, hackers, and spam.