RealTime IT News

A 'Critical' Patch Day For Microsoft

Microsoft's monthly round of security bulletins cuts across several parts of the software giant's product lineup and are designed to prevent attackers from taking control of users' systems remotely.

Heading the list are three separate bulletins that, in all, address eight separate newly discovered vulnerabilities in Microsoft Office which could allow an attacker to take complete control of an affected system.

MS07-023 addresses BIFF record, set font and filter record vulnerabilities in Excel, while MS07-024 addresses array overflow, document stream and RTF parsing vulnerabilities that potentially allows remote execution of code. The last of the top three bulletins MS07-025 fixes the drawing object vulnerability in Office.

An additional two fixes address a total of 10 vulnerabilities related to Microsoft Exchange and Internet Explorer.

The other four bulletins include one that addresses four newly discovered vulnerabilities in Microsoft Exchange, MS07-026. Another, MS07-027, addresses six vulnerabilities in Internet Explorer.

The last two bulletins are MS07-028, which addresses vulnerabilities in CAPICOM and Biztalk, and MS07-029, which provides a Microsoft Windows fix.

Microsoft also announced that its monthly installment of software designed to remove malicious software from users systems is available today. Microsoft said this month's update removes Win32/Renos. The software removal tool is available here.

Security provider McAfee  said its McAfee Avert Labs worked with Microsoft  to disclose and patch the vulnerability in Word and is encouraging users to update their systems as soon as possible.

"Of particular concern is the large number of Microsoft Office, Word, Excel and Internet Explorer vulnerabilities being patched today," said Dave Marcus, security research and communications manager at McAfee Avert Labs. "These applications are the most frequently targeted by malware  writers, so we recommend that all customers evaluate their security coverage and policies to insure they have adequate protection in place."

All of the security bulletins are available for download or as part of the regular automatic update download cycle Microsoft offers to registered users.

Microsoft is offering a webcast for systems administrators and others for more details on the security update release. You can register online for the webcast, which is set for May 9 at 11 a.m. PDT.