Microsoft Fixes 'Critical' Bugs in Windows, Office

Microsoft's most recent security update includes fixes for a total of 22 flaws affecting the Windows operating system (OS), the Microsoft Office program suite, and the .Net Framework.

The 22 fixes are spread across seven security bulletins, three of which Microsoft has ranked 'critical,' the company's highest security rating. Another four have been rated 'important,' which is one step down from 'critical.'

Remote Code Execution Flaws Rampant

All but two of the security bulletins address issues related to remote code execution vulnerabilities. Problems like these can put a computer system at risk of being taken over by a hacker working at a distance.

Although none of these bugs has yet been exploited by cyber criminals, Microsoft has said that it's only a matter of time before hackers discover a way to infiltrate a system using these vulnerabilities.

That's why it's important that users apply this most recent update to cover these security holes as soon as they can.

The most significant flaws can be found in Microsoft Office 2003, 2007, and Microsoft Office for Mac 2011. According to reports, it is a flaw in the way these programs handle Rich Text Format files that could allow a hacker to gain control of a user's computer. (Source: computerworld.com)

Microsoft says the exploit can be triggered even without a user actually opening a file. In fact, a computer can be compromised when a user simply views an attached file in Microsoft Outlook's preview pane.

Microsoft Office for Mac 2011 is also affected. As a result, Microsoft now says it's important that Mac users start paying attention to security vulnerabilities, and taking steps to close them.

Windows, Silverlight Flaws Also Addressed

Microsoft has also issued updates that address issues related to last year's Duqu malware affecting Windows, the .Net Framework, Silverlight, and Office. However, it is worth noting that Microsoft insists Duqu has not been an issue this year.

The company says it has also fixed six bugs in the popular spreadsheet program Excel, including a remote code execution vulnerability.

A remote code flaw in Visio has also been addressed. In order for the remote code exploit to work, Microsoft says a hacker would need to convince a user to click on a specially crafted file.

Still, security expert Wolfgang Kandek says that's not an unlikely scenario.

"As we have seen in some of the last year's data breaches...attackers are capable of drafting a convincing email that can trick a percentage of the emails recipients into opening such a file," Kandek said. (Source: pcmag.com)