Microsoft patches Excel, Office bugs

Microsoft has issued seven patches for its Windows, Office and Excel products. Five of the seven patches are rated critical.

Microsoft on Tuesday released its monthly round of security patches, fixing a number of widely reported bugs in its Excel and Office products.

The July security updates include seven sets of patches. Four of the updates address bugs in the Windows operating system, while the other three fix problems in Office and Excel. More information on the updates can be found here: http://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx.

All of the Office and Excel fixes, as well as two of the Windows updates, are rated as critical by Microsoft, meaning that an attacker could theoretically take advantage of the flaws to run unauthorized code on a victim's PC.

The two critical Windows updates are for users of the Windows Server 2003, Windows XP and Windows 2000 operating systems. They fix vulnerabilities in Windows' Server service and in its DHCP (Dynamic Host Configuration Protocol) Client service.

Security vendors warned that these Windows flaws, described in MS06-035 and MS06-036, could be used by hackers to create a self-replicating worm. Those are of particular concern to enterprises," said Jonathan Bitle, a product manager with Qualys. "They are both remote code execution vulnerabilities and, on top of that, they're both wormable vulnerabilities."

NCircle Network Security is particularly concerned with the bug in the Windows Server service, which is used in network tasks such as printing and file sharing. The Server service patch "addresses the first serious vulnerability in 2006 that has the potential to create a widespread worm," nCircle said in a statement.

Unpatched Windows 2000 systems may be vulnerable to such a worm, but it would be unlikely to affect Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 machines, because they turn off Windows Server services by default, said Christopher Budd, a security program manager with Microsoft's security response center. "The most likely thing that would happen would be a denial-of-service situation."

Furthermore, Windows Server is "based on the sever message block protocol," he added. "That's something that most enterprises will be blocking at the perimeter, as a best practice."

The Excel patches, which are described in the MS06-037 bulletin are considered to be critical for users of Microsoft's Excel 2000 spreadsheet, and are rated "important" for other Excel users, Microsoft said.

The two Office updates are considered critical for Office 2000 and Project 2000 users.

Over the past month Microsoft has investigated a number of issues related to Excel and Office, following reports that hackers had launched a targeted attack against an unnamed government contractor, taking advantage of a bug in its Excel spreadsheet software.

Microsoft has not patched all the bugs related to Excel. A bug in certain Asian-language versions of Excel, disclosed late last week, has not been fixed. More information on this bug can be found here: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3431

A second vulnerability, which was demonstrated within an Excel spreadsheet last June, also remains unpatched. This vulnerability stems from a flaw in one of Microsoft's dynamic link libraries, which are used by applications such as Excel. More information on it can be found here: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3086

"They came in too late in the engineering process for us to include and still make sure we didn't jeopardize the existing release addressing other issues," said Stephen Toulouse, a security program manager with Microsoft's security response center, writing in an e-mail message.

The seven patches will keep administrators busy, although not so busy as in June. Last month, Microsoft released 12 security updates.

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Essentials

Mobile

Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >

Exec

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?