Microsoft are getting ready to patch yet another 26 security flaws this coming patch Tuesday. One affecting the kernel of 32-bit versions of Windows and several holes in Office. Five of the 13 bulletins affect vulnerabilities that could lead to remote code execution and Microsoft have rated them as critical, seven are rated important, and one is rated as moderate.
The Office security flaws would require the user to be tricked into opening a “specially crafted” file that will then exploit a vulnerability in Office.
“The Office-related bulletins are both rated Important and would require user action to be exploited (usually in the form of convincing a user to open a specially crafted file),”
Jerry Bryant, a senior security communications manager at Microsoft, wrote in a blog post. It’s only older versions of Office that are affected by these vulnerabilities.
“The vulnerabilities only affect older versions of Office so customers on Office 2007 or Office 2008 for Mac will have no actions this month.”
The bulletins affect Windows 2000, XP, Vista and Windows 7, as well as Server 2003 and 2008, Office XP, Office 2003 and Office 2004 for Mac, according to the advisory released on technet.
Included in this security update are two fixes for holes in 32-bit versions of Windows which could allow someone to install programs, change data, or create new accounts with full user rights.
However there are still two underlying flaws Microsoft have yet to address – a hole in Internet Explorer that could lead to data leakage, which was disclosed on Wednesday, and a hole in the Server Message Block file-sharing protocol that was disclosed in November.
But Jerry Bryant said:
“We are not aware of any attacks on these vulnerabilities and continue to encourage customers to implement the mitigations and workarounds outlined in the advisories,
This chart shows the number of bulletins affecting the different versions of Windows and their rating of importance. (Credit: Microsoft)
