Microsoft plans to release four security
bulletins March 11 to cover a number of remote code execution vulnerabilities
affecting the Microsoft Office productivity suite.
All four bulletins will be rated "critical," Microsoft's highest
severity rating.
According to the software vendor's advance
notice mechanism, three of the high-priority bulletins will cover holes in
Microsoft Office while the fourth will deal with issues in Microsoft Office Web
Components.
Affected software includes Microsoft Office 2000, Microsoft Office XP,
Microsoft Office 2003, Microsoft Excel, Microsoft Office Outlook and Microsoft
Office for Mac.
It is likely that this batch of patches will finally provide cover for
well-known—and already exploited—vulnerabilities in Microsoft Excel.
On Jan. 15, Microsoft shipped a pre-patch
advisory to warn of limited, targeted attacks exploiting a zero-day bug in
Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003,
Microsoft Office Excel 2002, Microsoft Office Excel 2000 and Microsoft Excel
2004 for Mac.
"At this time, our initial investigation indicates that customers who are
using Microsoft Office Excel 2007 or Microsoft Excel 2008 for Mac, or who have
installed Microsoft Office Excel 2003 Service Pack 3, are not affected by this
vulnerability," Microsoft said.
With this patch batch, the bulletin count for 2008 stands at 17.