Security news
Security news15 March 2006
Companies urged to patch as Microsoft issues fixes for Office and Windows Users of Microsoft Office for both Windows and Macintosh should ensure they are protected
 |
| Microsoft has described one of the vulnerabilities as critical. |
As part of its monthly patch distribution, Microsoft has issued two new security updates, one of which is categorized as critical. The most serious vulnerability affects versions of Microsoft Office (both on Windows and Apple Macintosh computers) and, if left unpatched, could allow hackers to run malicious code on unprotected computers.
The more serious vulnerability (MS06-012 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution) affects Microsoft Office (2000, XP, 2003, X for Mac, 2004 for Mac), Word (2000, 2002), Excel (2000, 2002, 2003, 2003 Viewer, X for Mac, 2004 for Mac), Outlook (2000, 2002), PowerPoint (2000, 2002), Works Suite (2000 onwards).
Standalone versions of Microsoft Excel Viewer (2000, 2002), Word 2003, Outlook 2003 and PowerPoint 2003 are said not to be affected.
"Every month Microsoft releases security patches for its software - and it's often a race against time for companies to roll these patches out across their business before a hacker takes advantage of the vulnerability," said Graham Cluley, senior technology consultant at Sophos. "A security hole which allows hackers with malicious intentions to run code on Windows or Apple Mac computers is very serious, and all affected users should ensure they have defended their systems."
The other vulnerability announced by Microsoft affects systems running Windows XP SP1 and Windows Server 2003, and can cause a privilege escalation, allowing a user with an existing login account that is configured with limited privileges to gain full control over a system.
Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for critical Microsoft security vulnerabilities.
Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos continues to recommend companies protect their desktops and servers with automatically updated anti-virus protection.
When considering your anti-malware security vendor, what is more important to you?
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
