Microsoft Patches: Two for Tuesday
Microsoft today issued a pair of free security updates to fix a couple of problems in its Windows operating system and Microsoft Office software.
The Office update is a fairly large bundle that corrects at least a half-dozen vulnerabilities in most versions of Microsoft Office (including versions of Office for Mac OS X), as well as the Microsoft Works suite, which comes pre-installed on many Windows PCs, depending on the manufacturer. All six of the flaws earned a "critical" rating from Microsoft -- it's most serious, meaning Redmond considers them dangerous enough that a computer worm could use them to spread to vulnerable PCs without any action on the part of the user.
The Office flaws are considered "critical" only for Microsoft Office 2000 and Outlook 2000. The same vulnerabilities on other versions of Office are rated "important," a slightly less dangerous class of flaws Microsoft assigns to those that "whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources." Bottom line: critical or important, don't delay installing these patches if you're using Microsoft Office.
Microsoft also issued an update to correct an "important" vulnerability on Windows Server 2003 and Windows XP systems running Service Pack 1 (that would be any XP user who hasn't upgraded to Service Pack 2 yet). This flaw looks like it could be a little convoluted for attackers to exploit, but according to Microsoft the patch fixes a flaw that has been publicly disclosed, so it's certainly not out of the realm of possibility that the bad guys may have figured out a way to exploit it. Besides, Microsoft says "an attacker who successfully exploited this vulnerability could take complete control of an affected system."
A few notes about applying patches for Microsoft Office. If you are running Office 2000 or Microsoft Works, Microsoft recommends downloading patches from its Office Update page. Users of other affected Office versions should be able to download the patch from the Microsoft Update site.
Keep in mind, however, that these Office updates assume you have been keeping up to date on previous patches for Office products. If you're using an older version of office -- Office 2000 for example -- and you've never once visited Office Update, you will have a fair amount of updating to do before you get to this patch. But don't let that discourage you: If you haven't ever updated your Office software before, now would be an excellent time to take care of that.
Finally, if past experience is any indicator, Office users may need to have their original Microsoft Office installation discs handy while applying patches. This may not be the case for newer versions of Office, but it's always been the case with Office 2000 as far as I can remember.
By Brian Krebs |
March 14, 2006; 2:08 PM ET
New Patches
Previous: Apple Issues Another Mac Patch Bundle |
Next: Adobe Issues Critical Macromedia Flash Update
Posted by: John Cali | March 15, 2006 10:42 AM
Ever since installing McAfee VSE 80i on my Dell Latitude CP, the machine has been running very slowly, and I've been getting a recurring msg: Unknown Software exception (oxc0000008) at location ox7c964ed1. What's up (and how to fix)?
Thanks,
Hugh
Posted by: Hugh | March 15, 2006 8:51 PM
I have another naught company to add to your warning list. After painstakingly moving files from one hard drive to another I added software that came with my DVD+_ burner/player. The software was from NERO, I had used them before and was hesitant to use them again, but in order to play DVD's I needed a decoder. They took over every sound file in my computer,including my banking and made themselves default player. It took me at least an hour to remove their crap. Sounds still do not work right. Plaes warn your readers NERO (about) SUCKS!!!
Posted by: Louann Oravec | March 16, 2006 5:47 PM
Very good site, congratulations! horse art
Posted by: art | April 20, 2006 10:01 PM
The comments to this entry are closed.
Hi Brian,
Just wanted to say how valuable I find your column, especially since I run a small business with my 2 computers.
But I have a question regarding Windows updates. I've selected the option to have updates automatically downloaded and installed every day. Yet, when I occasionally go to check Microsoft's update site, it often tells me my computer needs the latest updates.
I'm confused!
Thanks!