Published: 2006-03-15
The issues affecting Office allow for a 'drive-by download' whereby a user simply visits a malicious webpage with Internet Explorer to become affected. All of the six Office vulnerabilities earned the "Critical" tag, Microsoft’s highest rating.
The other patch is a privilege elevation in Windows based on permissive Windows services DACLs. This vulnerability is tagged as "Important" due to the requirement of valid login credentials for exploitation.
One of the vulnerabilities patched in this update received press coverage several months ago when it was briefly auctioned on eBay. The online auction site eventually pulled the auction stating it was against policy.
Posted by: Peter Laborge
