Apple Mac and Windows users warned of Microsoft security vulnerabilities which could lead to hacker attack

Sophos Press Release

Seven flaws discovered in both Mac and Windows versions of Microsoft Office

Microsoft has rated the security bulletins as 'critical'
Microsoft has rated the security bulletins as 'critical'.

Experts at Sophos have advised Windows and Apple Mac users to take heed of a warning issued by Microsoft of critical security flaws in its Microsoft Office products.

As part of its monthly "Patch Tuesday" schedule Microsoft has issued a number of bulletins about 12 security vulnerabilities in its software. Seven of the vulnerabilities affect Microsoft Excel, and could allow a hacker to gain remote control over a user's computer by a maliciously crafted spreadsheet. Alarmingly, the vulnerability is not just found in the Windows version of Microsoft Excel, but also for Mac Office 2004 and the recently released Office 2008 for Macintosh.

Sophos experts note that the Excel flaws were discovered in January, and recommends that organizations roll-out the patches as a matter of urgency, as some of them could enable hackers to access data on a vulnerable PC or Macintosh, or run malicious code such as a worm.

"Windows users may be fairly accustomed to installing patches from Microsoft - but this a timely reminder that Apple Mac users need to be just as diligent when it comes to matters of computer security," said Graham Cluley, senior technology consultant at Sophos. "Whether you run a PC or a Mac it's important to take these latest security bulletins from Microsoft seriously and ensure that your business is properly protected."

Other flaws detailed in the Microsoft security bulletins affect other components of the Microsoft Office product suite.

Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for Microsoft security vulnerabilities.

Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.

Sophos continues to recommend companies protect their desktops and servers with automatically updated protection against viruses, spyware, hackers, and spam.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.