No fewer than 11 Critical vulnerabilities

Mar 12, 2008 17:03 GMT

Microsoft has plugged no fewer than 12 security holes in its Office System. According to Tami Gallupe, MSRC Release Manager, all four security bulletins carry a maximum severity rating of Critical, a rating associated with the risk of remote code execution. Five vulnerabilities impacting Office Outlook, Office and Office Web were privately reported to Microsoft. The remaining seven holes are a mix of privately and publicly reported vulnerabilities impacting the Excel component of the Office System.

"11 are rated 'critical' and one is rated 'important'. Two of the critical issues affect Office Web Components and have the potential to be the worst of the bunch. Office Web Components are installed as part of multiple applications. The vulnerabilities affecting them can be triggered by simply visiting a web page with some attacker-controlled content. Seven of the critical issues affect Microsoft Excel and require a victim to open a malicious file to trigger the vulnerability. The remaining issues affect Outlook and Office," said Rob Keith, Security Response Engineer.

All the vulnerabilities are exploitable via malformed documents and, in the event of a successful exploit, could permit the attacker to take complete control of an affected system. According to Microsoft, all the flaws put both Windows and Mac users at risk. This is because the Redmond company ships not only a version of Office for Windows, but also a flavor aimed at Apple's proprietary platform.

"Windows users may be fairly accustomed to installing patches from Microsoft - but this is a timely reminder that Apple Mac users need to be just as diligent when it comes to matters of computer security. Whether you run a PC or a Mac, it's important to take these latest security bulletins from Microsoft seriously and ensure that your business is properly protected," said Graham Cluley, senior technology consultant at Sophos.