Microsoft's March Patch Tuesday monthly security update was relatively light, but the software maker also issued an advisory, warning of an unpatched vulnerability in Internet Explorer.
Microsoft released only two bulletins aimed at eight vulnerabilities in Windows Movie Maker and Microsoft Office Excel in all versions of Office, including Mac Office 2004 and 2008.
This is in stark contrast with February's 13 bulletins dealing with 26 vulnerabilities, but IT administrators will still have to deal with a new zero-day vulnerability in Internet Explorer 6 and 7 that could potentially allow hackers to execute code remotely.
Internet Explorer 8 is not affected. "Another good reason to update to the latest version of IE," said Wolfgang Kandec, CTO of vulnerability management firm Qualys in a blog post.
There are not a lot of details available on the vulnerability, but for IE 6 and 7 workarounds apply, which are detailed in the advisory, he said.
Kandek suggests that IT administrators should make the patch for MS Excel a priority. Although an attacker needs to trick the target to open a specially crafted Excel document to be able to take control of the system, exploitability is high for the majority of vulnerabilities listed, he said.
The Windows Movie Maker vulnerability also needs a user has to open a malicious file to launch an attack, and like the Excel vulnerabilities, the exploitability index is high, said Kandek.
He noted that Windows XP and Vista ship with vulnerable versions of the movie making software, and that while Windows 7 does not, a user could download and install version 2.6, which is affected.
No comments:
Post a Comment