Microsoft releases Latest Round of Patches for Excel
On Tuesday, software giant Microsoft released a number of critical updates with the main aim to patch the many vulnerabilities that have affected Excel in recent months. Eight different flaws in the well known spreadsheet program were fixed in a single update. Two critical flaws in Windows and two other critical issues affecting Office and other Microsoft programs were also fixed.
The update for Excel includes fixes for various issues which have malformed records and values. The most serious one could even open up a user’s machine to a remote code execution.
Microsoft also fixed two vulnerabilities in Office. On of the vulnerabilities deals with a parsing flaw that could lead to remote code execution and a system takeover risk. The other one deals with issues in how Office handles malformed PNG and GIF files.
Regarding Windows, Microsoft patched two problems with the Server and DHCP services. In Server services, vulnerability exists in the driver, which could open a system up to a takeover risk, as well as an information disclosure risk exists that could allow an attacker to view to view fragments of memory used to store SMB traffic during transport.
In DHCP services, a buffer overrun flaw could allow for remote code execution and system takeover.
Additionally, Microsoft also released two patches rated “important”, which mainly affect those affect those running Web sites on the Windows platform. A hole that was in ASP.NET security, which exposes information that could assist in future attacks, has been filled.
“Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system,” Microsoft said.
Users can immediately download all seven security bulletins through Automatic Updates or Microsoft’s various other update services.
RSS |
Permanent Link
|
Del.icio.us
|
Cosmos
|
Digg
|
|
