Forum latest

Patch Tuesday! One down, one left to exploit you!
Written by Daniel   
Wednesday, 13 September 2006 12:49
Microsoft patches one Office flaw, leaves another
Publisher software gets repair, but similar hole in Word unfixed
Robert McMillan
Google News

September 12, 2006 (IDG News Service) -- Microsoft Corp. has released its monthly set of security patches, fixing a critical flaw in Office.

Attackers could exploit the bug by tricking Office users into opening a maliciously encoded .pub document, which would then allow attackers to run unauthorized software on a victim's PC. These .pub documents are created by Microsoft's Publisher software, an Office component used for designing print and online business publications.

Microsoft rates the bug as "critical" for Publisher 2000, but this warning has been downgraded to "important" for the Publisher 2002 and Publisher 2003 products.

Some security experts expected Microsoft to fix a similar bug in Word, which has been used by online attackers over the past few weeks, but that problem remains unfixed.

Microsoft acknowledged the Word problem last week and probably did not have time to run a fix through its quality assurance tests, said Jonathan Bitle, a manager of technical accounts at Qualys Inc. "It's really late in their engineering cycle, so it's understandable that they wouldn't manage to get something out," he said.

Both the Word and Publisher bugs rely on the same type of attack to work: An attacker e-mails a malicious document and somehow tricks the victim into clicking on the attachment.....
More to be had...



See also

None found.

Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either