Microsoft Plugs Office Holes, But No IE Fix Yet


  1. JMH
    Posts : 7,952
    Win 7 Ultimate 64-bit. SP1.
       New #1

    Microsoft Plugs Office Holes, But No IE Fix Yet


    Microsoft Corp. today issued three bundles of updates fixing at least 11 security vulnerabilities in its software, mainly flaws in Microsoft Office products. But the company did not release an update today to remedy a critical flaw built into in all versions of the Internet Explorer Web browser that is now being exploited by at least one common, automated hacker toolkit.

    Two of the updates address Office bugs, including one that is limited to older versions of PowerPoint and PowerPoint Viewer. Only one of today’s patches earned a “critical” rating, Microsoft’s most serious. But experts are warning that this critical Office vulnerability is likely to be used in targeted e-mail attacks against Microsoft Outlook users.

    “One of the most dangerous aspects of this vulnerability is that a user doesn’t have to open a malicious email to be infected,” said Joshua Talbot, security intelligence manager for Symantec Security Response.

    “All that is required is for the content of the email to appear in Outlook’s Reading Pane. If a user highlights a malicious email to preview it in the Reading Pane, their machine is immediately infected. The same holds true if a user opens Outlook and a malicious email is the most recently received in their inbox; that email will appear in the Reading Pane by default and the computer will be infected.”
    More -
    Microsoft Plugs Office Holes, But No IE Fix Yet — Krebs on Security
      My Computer
    Quote Quote

  3. roncerr
    Posts : 2,066
    Windows 8 Pro w/MC 32-bit
       New #2

    "One of the most dangerous aspects of this vulnerability is that a user doesn’t have to open a malicious email to be infected," said Joshua Talbot, security intelligence manager for Symantec Security Response. "All that is required is for the content of the email to appear in Outlook’s Reading Pane..."

    Do they really have to say this? That's been true ever since the reading pane was invented. It's OPENED in the pane automatically. Really!?!
      My Computer
    Quote Quote

  4. JMH
    Posts : 7,952
    Win 7 Ultimate 64-bit. SP1.
    Thread Starter
       New #3

    roncerr said:
    "One of the most dangerous aspects of this vulnerability is that a user doesn’t have to open a malicious email to be infected," said Joshua Talbot, security intelligence manager for Symantec Security Response. "All that is required is for the content of the email to appear in Outlook’s Reading Pane..."

    Do they really have to say this? That's been true ever since the reading pane was invented. It's OPENED in the pane automatically. Really!?!
    New users [with little or no knowledge] are coming online daily.
    Things we know & take for granted need to be repeated....
    Some patience needs to be exercised.
      My Computer
    Quote Quote

  6. roncerr
    Posts : 2,066
    Windows 8 Pro w/MC 32-bit
       New #4

    JMH said:
    New users [with little or no knowledge] are coming online daily.
    Things we know & take for granted need to be repeated....
    Some patience needs to be exercised.
    True. Perhaps we should clue them in about the need to avoid anything with the name "Symantec" in it, like Norton.
      My Computer
    Quote Quote

 

  Related Discussions
Apple has released Safari 4.0.2 to fix a pair of security flaws that could lead to cross-site scripting or remote code execution attacks. The vulnerabilities affect Safari for Windows (XP and Vista) and Mac OS X. The patch solves an issue in WebKit’s handling of the parent and top objects may...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 12:50.
Find Us