Microsoft released security bulletin MS06-012 on March
15th, and the patch fixes six vulnerabilities in
Microsoft Office. When a user running a vulnerable version of MS
Office opens a malformed MS Office file, a buffer overflow
occurs, and an attacker can remotely connect to the
vulnerable host and gain the same privileges as the local
user. If the user is logged on with administrative rights, the
attacker can take complete control of the victim's computer. To
exploit these vulnerabilities, an attacker can
put malformed MS Office files on a web site and dupe users into
opening them.
Because the six vulnerabilities in Office could allow an
attacker to compromise a computer, the MS06-012 bulletin is rated
Critical, which is Microsoft's highest rating.
MS Word 2003, MS Outlook 2003, and MS PowerPoint 2003 are
not affected by these vulnerabilities.
BSST, the Broadweb Security Service Team, suggests that users
of vulnerable MS Office versions do the following:
1. Apply the MS06-012 patch:
2. Watch pattern release notices from Broadweb and keep
their patterns up-to-date.
Broadweb Security Service Team (BSST) - Empower Your
Network Security
Broadweb NetKeeper Intruder Prevention System delivers
protection against intrusion, worms, DDoS, instant
messaging, P2P, Web-Mail, and Web
Post.