
As we anticipated on Friday, Microsoft yesterday published two security bulletins with fixes for a series of vulnerabilities in Office and Windows XP.
Of all the Office applications, Excel is the most targeted one this month, with five fixes aimed at the spreadsheet program.
The updates for CVE-2005-4131, CVE-2006-0028, CVE-2006-0029, CVE-2006-0030 and CVE-2006-0031, all part of security bulletin MS06-012, fix vulnerabilities that attackers could exploit to achieve remote code execution via a specially crafted Excel file. The update for CVE-2006-0009 targets all the Office applications and fixes a security hole that can be exploited similarly to the ones mentioned above.
All the vulnerabilities are rated critical, and Microsoft recommends updating systems immediately.
The second security bulletin, MS06-011, contains a single update, CVE-2006-0023, which targets Windows XP with Service Pack 1 and Windows Server 2003. The vulnerability allows a low-privileged user to change properties associated with certain services related to the OS.
Microsoft rates the vulnerability as important for Windows XP Service Pack 1 and as moderate for Windows Server 2003.
The security bulletin for Office, MS06-012, can be accessed here, and the one for Windows, MS06-011, here.