As part of its monthly "Patch Tuesday" schedule, Microsoft has issued nine new bulletins (six of them described as "critical") about a number of different security vulnerabilities in its software including Microsoft Excel and Internet Explorer.
According to Microsoft's Security Bulletin Summary for August 2007, the security updates resolve vulnerabilities, "in addition to other security issues identified during the course of the investigation." The vulnerabilities "could allow remote code execution if a user opens a specially crafted Excel file" or "if a user viewed a specially crafted Web page using Internet Explorer."
Security professionals are recommending that the patches be installed quickly, as some of them could enable hackers to access data on a vulnerable PC or run malicious code such as a worm.
"Vulnerabilities in Microsoft Windows, Windows Media Player, Office, and Office for Mac may allow an attacker to access your computer, install and run malicious software on your computer, or cause it to crash," says US-CERT in a Cyber Security Bulletin.
"More and more companies are recognizing the importance of ensuring that all computers which connect to their network conform to a defined security policy, which includes having the latest security patches in place," said Graham Cluley, senior technology consultant at Sophos. "Network Access Control gives businesses the ability to control who and what is connecting to their systems ... If left unpatched a PC risks bringing spyware or other malicious code right into the heart of your network."
NEW ON THE PODCAST