
Critical Windows & Office patches available

Microsoft fixes flaws in 'Patch Tuesday'

Microsoft has patched critical vulnerabilities in its Office, Outlook and Windows software.

The software vendor released three sets of critical patches yesterday, fixing nine security bugs. A fourth update fixes a flaw in Office 2003's Brazilian Portuguese Grammar Checker. Microsoft gives this flaw a less-serious rating of 'important'.

Hackers have been paying close attention to Microsoft's Office products over the past few months, taking advantage of unpatched bugs in PowerPoint, Word and Excel to conduct extremely targeted attacks. Typically, the attacker will send the victim an email that includes a malicious Office attachment and try to entice the victim into opening the message.

In early December these attacks occurred on a very limited scale, exploiting unpatched vulnerabilities in Microsoft Word.

Microsoft didn't issue patches for Word on Tuesday, but it did patch five flaws in Excel, which has also been a point of attack over the past few months.

The Office flaws should be a top priority for system administrators, said Chris Andrew, vice-president of security technology at Patchlink.

The Windows update, which fixes a critical flaw in Windows' VML (Vector Markup Language), is also one to watch, he said.

Last September, Microsoft was forced to rush an early patch for a similar VML bug after attackers began exploiting the flaw on the internet. By tricking victims into visiting specially crafted web pages, criminals could use this VML flaw to run unauthorised software on a victim's computer, Microsoft said.

Tuesday's VML update replaces the MS06-055 VML bug-fix that Microsoft published last September, the company said.

The Sans Internet Storm Center rates all four updates as critical, but it is singling out the VML bug in particular, saying that there is an "immediate danger" of attackers exploiting this flaw.

Sans says there are known exploits for bugs in all of the updates released Tuesday, except the Excel patches.

Microsoft had been planning to release eight sets of patches on Tuesday, but late last week, it abruptly pulled four of these updates out of the pipeline. No reason was given for this sudden decision.

