Microsoft Patch Tuesday Will Offer 7 Security Patches

The upcoming Patch Tuesday from Microsoft will offer 7 security patches to address vulnerabilities found in their widely used software.

Although Microsoft does not disclose in advance what flaws are to be patched, two vulnerabilities in Excel are likely to be among the fixes. One issue relates to maliciously crafted spreadsheet files that could lead to a full system compromise, while the other relates to hyperlinks in Excel documents.

Two security flaws affecting Internet Explorer were also reported last week, including a cross-site scripting issue where an attacker could view information in one open browser window from another window that is visiting a malicious site.

As usual, Internet Explorer is being fixed yet again. For the second month straight Excel will receive some patch love among a few others that we are not yet aware of. If you are a corporate system administrator then ensure you test these patches on a closed network before deploying throughout your enterprise.

New Microsoft Excel Vulnerability Found

A day after Microsoft released 12 patches that fixed 21 vulnerabilities, including an exploit in Word, it appears that reports of a new vulnerability in Microsoft Excel are surfacing.

Here’s what we know: for this attack to be carried out, a user must first open a malicious Excel document that is sent as an email attachment or otherwise provided to them by an attacker. (Note that opening it from email will prompt you to be careful about opening the attachment.) So remember to be very careful when opening unsolicited attachments from both known and unknown sources.

There probably will not be a patch until the next Patch Tuesday so be on the lookout for any malicious activity that may attempt to exploit this vulnerability.

Microsoft Patches 8 Critical Security Flaws

The second largest Patch Tuesday has arrived, with Microsoft issuing fixes for 8 critical security flaws, and a host of other non-critical ones, in a number of their products. Today’s set of patches is the greatest number offered since February 2005, and is the second largest overall.

Out of the eight critical fixes, 2 resolve Internet Explorer vulnerabilities, 1 is for Windows Media Player, 2 are for the Windows operating system itself, 1 is for Word and 1 is for PowerPoint. The Word patch resolves a major security issue regarding a highly publicized zero-day exploit, which has already been used in conjunction with a number of attacks. The vulnerability can be exploited after a user opens a specially crafted Word file with a malformed object pointer, allowing for code execution.

There is also a cumulative patch for Internet Explorer, which fixes five code execution vulnerabilities, a spoofing flaw, and an issue that could pose either an information disclosure or a spoofing risk. Modifications to the way that Internet Explorer handles ActiveX controls are also included in the IE cumulative update.

It is highly recommended that all organizations take the steps necessary to install these patches, especially considering the critical exploits that they resolve.

Windows XP: Surviving the First Day

If you have ever been concerned with catching a virus, or having your computer exploited, after completing a fresh install of Windows XP then this guide by the SANS Institute is exactly what you need. Windows XP: Surviving the First Day is written for the average computer user, in order to ensure that they are able to successfully complete an installation of Windows XP without fear of getting 0wned, so to speak.

This is probably one of the best-written, most well laid out articles on this very subject. Whether you are into computer security or not, this is a guide that should be followed by all.