Microsoft security update stamps out 11 product vulnerabilities
American software heavyweight Microsoft Corp. has this week rolled out three security bulletins for Windows, addressing a total of 11 vulnerabilities targeting potential exploits in platforms ranging from Microsoft Office to Forefront Unified Access Gateway (UAG).
Only one of the bulletins is rated as 'Critical' and contains a total of five patches, including an Office 2007 and Office 2010 exploit that can be triggered should a user preview or open a malicious RTF file in Outlook.
Another Office-related vulnerability addressed by the Critical update deals with the problematic 'DLL Preloading' and 'Binary planting' referenced in advisory 2269637.
According to Jerry Bryant, group manager of response communications for Redmond-based Microsoft, the second bulletin is rated as 'Important' and stamps out possible PowerPoint vulnerabilities that leave users open to attack from remote code execution via nefarious PowerPoint files.
The third and final security bulletin, which is also listed as 'Important' by Microsoft, closes a total of four Forefront UAG vulnerabilities, one of which could provide an attacker with "elevation of privilege" if a victim clicks on malicious Web links.
The trio of bulletins are presently being offered through the Microsoft Download Center and are not yet available through Microsoft Update. This particular patch release does not include a solution for the Internet Explorer Zero-day vulnerability that was revealed late last week.
American software heavyweight Microsoft Corp. has this week rolled out three security bulletins for Windows, addressing a total of 11 vulnerabilities targeting potential exploits in platforms ranging from Microsoft Office to Forefront Unified Access Gateway (UAG).
Only one of the bulletins is rated as 'Critical' and contains a total of five patches, including an Office 2007 and Office 2010 exploit that can be triggered should a user preview or open a malicious RTF file in Outlook.
Another Office-related vulnerability addressed by the Critical update deals with the problematic 'DLL Preloading' and 'Binary planting' referenced in advisory 2269637.
According to Jerry Bryant, group manager of response communications for Redmond-based Microsoft, the second bulletin is rated as 'Important' and stamps out possible PowerPoint vulnerabilities that leave users open to attack from remote code execution via nefarious PowerPoint files.
The third and final security bulletin, which is also listed as 'Important' by Microsoft, closes a total of four Forefront UAG vulnerabilities, one of which could provide an attacker with "elevation of privilege" if a victim clicks on malicious Web links.
The trio of bulletins are presently being offered through the Microsoft Download Center and are not yet available through Microsoft Update. This particular patch release does not include a solution for the Internet Explorer Zero-day vulnerability that was revealed late last week.
