Microsoft Patches Security Vulnerabilities in Windows and Office
Published: March 15, 2006
by Alex Woodie
Two patches were issued by Microsoft yesterday to fix security vulnerabilities in its software, including a previously disclosed flaw in Windows XP and Windows Server 2003 that could give an attacker administrative privileges, and a series of flaws in its Office and Works suites that could lead to remote code execution.
Microsoft Security Bulletin MS06-011 fixes an escalation of privilege vulnerability that exists in Windows XP Service Pack 1 (SP1), Windows Server 2003, and Windows Server 2003 for Itanium that could enable a user to take complete control over an affected system.
The vulnerability cannot be exploited over the Internet, Microsoft says, and was given an "important" rating by the vendor for Windows XP SP1, and only a "moderate" rating for Windows Server 2003. The vulnerability--which was discovered by SIA Group, a Spanish security researcher--had previously been disclosed to the public, but Microsoft has received no reports of any attacks exploiting it.
Microsoft Security Bulletin MS06-012, the only other patch issued yesterday, fixes several critical security vulnerabilities in many versions of Microsoft Office and its Works Suite that could allow attackers to gain complete control over affected systems over the Internet.
Microsoft says that, while it's not aware of any attacks taking place that have exploited these previously disclosed vulnerabilities, Office and Works users should immediately apply MS06-012 to shut down six related vulnerabilities. These include the Malformed Range Vulnerability, the Malformed File Format Parsing Vulnerability, the Malformed Description Vulnerability, the Malformed Graphic Vulnerability, the Malformed Record Vulnerability, and the Malformed Routing Slip Vulnerability.