February looks to be a busy month for Microsoft administrators. According to the latest advanced patch notification, the Redmond-based software company plans to release a dozen security bulletins next Tuesday. The bulletins will fix security flaws in Windows, Internet Explorer (IE), Office, the .NET Framework, and Exchange server. Microsoft rates five of the bulletins … [Read more...]
Windows Updates Include .NET and MSXML Fixes
Severity: High Summary: These vulnerabilities affect: All current versions of Windows and components that often ship with it (like XML Core Services and the .NET Framework). Some vulnerable components also affect Office and Server Software products. How an attacker exploits them: Multiple vectors of attack, including sending malicious print jobs to luring victims to … [Read more...]
Malformed Fonts and Filenames Mangle Windows
Severity: High Summary: These vulnerabilities affect: All current versions of Windows How an attacker exploits them: Multiple vectors of attack, including enticing users to view maliciously crafted fonts or to view directories with specially crafted files or folder names Impact: In the worst case, an attacker can gain complete control of your Windows computer What to do: … [Read more...]
Nasty RTFs Nudge Word Into Submission
Severity: High Summary: These vulnerabilities affect: Word (and Office) 2003 through 2010 for Windows (and related components) How an attacker exploits it: By enticing one of your users to open a malicious RTF document Impact: In the worst case, an attacker executes code on your user's computer, gaining complete control of it What to do: Install Microsoft's Word update as … [Read more...]
Four Critical Spreadsheet Handling Flaws in Excel
Severity: Medium Summary: These vulnerabilities affect: Excel (and Office) 2003 through 2010 for Mac and PC (and related components) How an attacker exploits it: By enticing one of your users to open a malicious Excel document Impact: In the worst case, an attacker executes code on your user's computer, gaining complete control of it What to do: Install Microsoft's Excel … [Read more...]