Microsoft to Issue Critical Patches for MS Office
By Dipankar Das, Gaea News Network
Wednesday, November 10, 2010
Microsoft released a patch to fix several critical security gaps in its Office productivity suite and warned that hackers can use RTF (Rich Text Format) e-mails to initiate code-execution attacks. The company issued three security bulletins for the November patch cycle. The single most critical update in the list (MS10-087) affects Microsoft Office 2007 and 2010, because both currently contain an easy way to push malware in booby-trapped emails with minimal user interaction. This security update patches a total of 5 documented vulnerabilities that affect Microsoft Office products.
Andrew Storms, director of security operations at patching firm nCircle, explained: “The bug means that anyone who receives a malformed email with the preview pane enabled need only click on it to be infected with malware. The number of people using preview panes creates a giant pool of potential victims, and that makes this bug extremely attractive to hackers.”
Microsoft released its first security patch for Microsoft Office 2010 because of the critical lapses in its Office products. Joshua Talbot, security intelligence manager at Symantec Security Response, commented that the flaw exploits vulnerabilities in how Word handles Rich Text Format files, rather than the more common route of booby-trapped .doc files. The booby-trapped files can be used to execute a buffer overflow-based code injection attack on vulnerable systems.
The other two patches in November's updates are for PowerPoint and Microsoft Forefront Unified Access Gateway (an SSL VPN product), and they are less important. The three security bulletins cover 11 vulnerabilities.