Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Microsoft patches critical IE, Office flaws
Published: 2007-01-09

Microsoft released four fixes for vulnerabilities in its software on Tuesday in its first monthly patch of the year.

The software updates patch a critical bug in Microsoft's Internet Explorer browser, five flaws in the company's Excel spreadsheet software, and three issues in Microsoft's Outlook e-mail and messaging software. Another flaw, rated important by Microsoft, affects only the Brazilian Portuguese edition of Microsoft Office.

The Internet Explorer vulnerability occurred in the way that Microsoft's browser handles the Vector Markup Language, or VML. The issue is different than another security bug in the same component that the company fixed last September. The current patch replaces the older software update. Attacker are using the current flaw to compromise systems, Microsoft said in the advisory.

The Excel vulnerabilities are rated "critical" for Office 2000 and "important" for more recent versions of the spreadsheet program, while only one of the flaws in Outlook has been rated "critical." None of the flaws have been used to attack Office users, Microsoft said in its advisory.

With nine vulnerabilities in Microsoft Office, the bulletins continued the upward trend in the number of vulnerabilities found in the software giant's productivity suite noted by SecurityFocus last summer. Office security issues have often been used as part of targeted Trojan horse attacks aimed at compromising corporate or government systems to steal data.

Microsoft originally announced it would be releasing eight patches but decided against releasing four of the updates late last week.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:
MS07-002 was re-released later 2007-01-25
Juha-Matti Laurio


Privacy Statement
Copyright 2009, SecurityFocus