Microsoft’s monthly round of security bulletins cuts across several parts
of the software giant’s product lineup and are designed to prevent attackers from taking control of users’ systems remotely.
Heading the list are three separate
bulletins that, in all, address eight separate newly discovered
vulnerabilities in Microsoft Office which could allow an attacker to take
complete control of an affected system.
MS07-023 addresses BIFF record, set font and filter record vulnerabilities in Excel, while MS07-024 addresses array overflow, document stream and RTF parsing vulnerabilities that potentially allows remote
execution of code. The last of the top three bulletins MS07-025 fixes the drawing object vulnerability in Office.
An additional two fixes address a total of 10 vulnerabilities related to Microsoft
Exchange and Internet Explorer.
Microsoft also announced that its monthly installment of software
designed to remove malicious software from users systems is available today. Microsoft said this month’s update removes Win32/Renos. The
software removal tool is available here.
Security provider McAfee
said its McAfee Avert Labs
worked with Microsoft
to disclose and patch the
vulnerability in Word and is encouraging users to update their systems as
soon as possible.
“Of particular concern is the large number of Microsoft Office, Word,
Excel and Internet Explorer vulnerabilities being patched today,” said Dave
Marcus, security research and communications manager at McAfee Avert Labs.
“These applications are the most frequently targeted by malware
their security coverage and policies to insure they have adequate protection
All of the security bulletins are available for download or as part of the regular automatic update download cycle
Microsoft offers to registered users.
Microsoft is offering a webcast for
systems administrators and others for more details on the security update
release. You can register online for the
webcast, which is set for May 9 at 11 a.m. PDT.