Microsoft today released one critical fix for Office and another deemed important targeting a hole in the Windows operating system.
The critical patch, (MS06-012), replaces several prior security updates regarding Excel. Six vulnerabilities were announced, all centered on one form or another of malformed file formats.
The update addresses a remote code execution vulnerability in Microsoft Office 2000, Microsoft Office XP and Microsoft Works Suites.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i"This update resolves several newly discovered, privately reported and public vulnerabilities," according to the company. The vulnerability could allow attackers to view, change or delete data.
The other patch, (MS06-011), affects users of Windows XP Service Pack 1, Windows Servers 2003 and Windows Server 2003 Itanium.
The vulnerability opens Windows 2003 to the moderate risk of remote attack while allowing someone with valid login credentials to take over a networked Windows XP machine.
Mitigating the risks are the need for attacks to have a valid login to the XP machine, the attacker's need to be in supervisory mode and the attack's scope limited to Windows XP Service Pack 1, according to Microsoft.
The patch also included an answer to problems some have experienced when attempting to install the update.