- Is Microsoft preparing us to move beyond Vista?
- Why Google wanted to lose wireless spectrum auction
- iPhone shortage fuels rumors of imminent 3G phone
- XP for cheap PCs: a second crack in the wall
- Darts into data: Leveraging random action to competitive advantage
- Most iPhone buyers are existing Apple customers
- AT&T's so-called open network principles
- Mono dev tool offered
- ActiveState upgrades IDE
- Serena plans SaaS products
July 13, 2007 | Comments: (0)
Microsoft adds Office for Mac to patch
Heads up Apple users -- Microsoft has quietly added Office 2004 for the Mac to one of its latest security patches.
On June 12, Microsoft amended the list of affected products covered by its MS07-036 security update to add the Mac iteration of Office. The patch was originally released earlier in the week as part of the software maker's monthly Patch Tuesday bulletin distribution.
The Office for Mac bulletin is ranked as critical, Microsoft's most severe security update rating, and hackers could potentially use exploit the flaw to carry out remote code executions on affected PCs, the company warned.
The bug could specifically allow outsiders to use a specially-crafted Excel file to overwhelm an affected system's memory and take control of the device, according to Microsoft.
Microsoft reported that users whose Office systems are configured to have fewer administrative privileges are at less risk for malware exploitation than users who operate with broader rights. (shocker!)
MS07-036 aims to patch three vulnerabilities -- two of which were rated as critical, and one of which related to a known zero-day flaw. The bulletin repairs bugs in Excel 2000, 2002, 2003, and 2007.
On Tuesday the company issued six security updates for Windows, Office, and .Net Framework, patching a total of 11 vulnerabilities -- five of them rated critical.
The most serious of the batch is MS07-039, which patches a pair of bugs in Active Directory in Windows 2000 Server and Windows Server 2003, the two supported server editions of Microsoft's operating system.
The most dangerous of the two is a vulnerability in the way Active Directory validates an LDAP request. According to Microsoft's write-up, "an attacker who successfully exploited this vulnerability could take complete control of an affected system."
The Active Directory bug can be exploited without any user interaction, and on Windows 2000 Server, the older of the two operating systems, the company said.
Posted by Matt Hines on July 13, 2007 12:43 PM
RATE THIS ARTICLE:
-
- COMMENTS
TOP STORIES
ADDITIONAL RESOURCES
- Remote Access: Maintain Security and Decrease the Burden on IT
- Beyond AntiVirus: Symantec Endpoint Protection
- What Every Enterprise Needs to Know About VDI
- Disaster Recovery in Minutes
- Protecting Microsoft(R) Applications
- Reduce Recovery Times and Tape Costs
