We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Critical Windows & Office patches available

Microsoft fixes flaws in 'Patch Tuesday'

Microsoft has patched critical vulnerabilities in its Office, Outlook and Windows software.

The software vendor released three sets of critical patches yesterday, fixing nine security bugs. A fourth update fixes a flaw in Office 2003's Brazilian Portuguese Grammar Checker. Microsoft gives this flaw a less-serious rating of 'important'.

Hackers have been paying close attention to Microsoft's Office products over the past few months, taking advantage of unpatched bugs in PowerPoint, Word and Excel to conduct extremely targeted attacks. Typically, the attacker will send the victim an email that includes a malicious Office attachment and try to entice the victim into opening the message.

In early December these attacks occurred on a very limited scale, exploiting unpatched vulnerabilities in Microsoft Word.

Microsoft didn't issue patches for Word on Tuesday, but it did patch five flaws in Excel, which has also been a point of attack over the past few months.

The Office flaws should be a top priority for system administrators, said Chris Andrew, vice-president of security technology at Patchlink.

The Windows update, which fixes a critical flaw in Windows' VML (Vector Markup Language) language is also one to watch, he said.

Last September, Microsoft was forced to rush an early patch for a similar VML bug after attackers began exploiting the flaw on the internet. By tricking victims into visiting specially crafted web pages, criminals could use this VML flaw to run unauthorised software on a victim's computer, Microsoft said.

Tuesday's VML update replaces the MS06-055 VML bug-fix that Microsoft published last September, the company said.

The Sans Internet Storm Center rates all four updates as critical, but it is singling out the VML bug in particular, saying that there is an "immediate danger" of attackers exploiting this flaw.

Sans says there are known exploits for bugs in all of the updates released Tuesday, except the Excel patches.

Microsoft had been planning to release eight sets of patches on Tuesday, but late last week, it abruptly pulled four of these updates out of the pipeline. No reason was given for this sudden decision.


IDG UK Sites

LG G4 review: Great price and camera but misses the mark in other areas

IDG UK Sites

Why Scottish Tablet is better than the iPad mini

IDG UK Sites

How to develop for Microsoft's HoloLens

IDG UK Sites

Apple MacBook 1.1 GHz review (Retina, 12-inch, Early 2015): The future of Apple laptops