Seven MS Office, Windows Patches to Cover Critical Flaws

Microsoft's July batch of patches will include critical fixes for bugs in Windows and Office; an Excel spreadsheet fix is expected.

Microsoft plans to release seven security bulletins on July 11 to cover a range of critical vulnerabilities affecting Windows and Office users.

Four of the seven bulletins will include patches for flaws in the Windows operating system, while three will deal with bugs in the Microsoft Office productivity suite.

/zimages/1/28571.gifeBay ends the bidding on a Microsoft Excel vulnerability. Click here to read more.

As is customary, the company is not releasing details on the vulnerabilities except to say that the updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.

Some of the updates will require a restart.

/zimages/1/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

The Microsoft Office patches are expected to include a fix for a known code execution hole in the Excel spreadsheet program.

That flaw is already being used in targeted attacks against an unidentified business interest, Microsoft confirmed.

The Excel attack includes the use of Trojan horse program called Trojan.Mdropper.J that arrives as an Excel spreadsheet with the file name "okN.xls."

When the Trojan is executed, it exploits the Excel flaw to drop and execute a second piece of malware called Downloader.Booli.A. It then closes Microsoft Excel.

The MSRC (Microsoft Security Response Center) has already acknowledged a second bug that uses embedded hyperlinks in Excel documents to exploit a Windows vulnerability. Detailed exploit code for that vulnerability has been released on the Internet.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.