Seven MS Office, Windows Patches to Cover Critical FlawsBy Ryan Naraine | Posted 2006-07-06 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Microsoft's July batch of patches will include critical fixes for bugs in Windows and Office; an Excel spreadsheet fix is expected.Microsoft plans to release seven security bulletins on July 11 to cover a range of critical vulnerabilities affecting Windows and Office users.
Four of the seven bulletins will include patches for flaws in the Windows operating system, while three will deal with bugs in the Microsoft Office productivity suite.
The Microsoft Office patches are expected to include a fix for a known code execution hole in the Excel spreadsheet program.
That flaw is already being used in targeted attacks against an unidentified business interest, Microsoft confirmed.
The Excel attack includes the use of Trojan horse program called Trojan.Mdropper.J that arrives as an Excel spreadsheet with the file name "okN.xls."
When the Trojan is executed, it exploits the Excel flaw to drop and execute a second piece of malware called Downloader.Booli.A. It then closes Microsoft Excel.
The MSRC (Microsoft Security Response Center) has already acknowledged a second bug that uses embedded hyperlinks in Excel documents to exploit a Windows vulnerability. Detailed exploit code for that vulnerability has been released on the Internet.
Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.