MS Fixes 8 Flaws, Critical Excel Flaw Still Looms

Microsoft has made good on its promise to fix eight security flaws with its most recent Patch Tuesday offering. The download helps prevent at least one issue marked "critical," but as rumored last week. still fails to address another flaw.

The fix that will garner the most attention with this latest patch is one meant to prevent hackers from taking control of a user's computer by launching malicious code through specially engineered EMF or WMF images.

"That is the most important one," remarked Wolfgang Kandek, security company Qualys' CTO. "Your machine can be controlled by the attacker," meaning this is one potential disaster that "should be addressed as quickly as possible." (Source: crn.com)

But that's not all.

There are other issues addressed by the patch that could present equally devastating results, including one gaping hole that could allow a hacker to launch a denial of service (DOS) attack. Also marked "important" by Microsoft are vulnerabilities in the Windows kernel and in DNS, WINS servers, and Secure Channel that might lead to phishing scams and in a worst-case scenario, identity theft. (Source: tgdaily.com)

Microsoft: better safe than sorry

These are considerable vulnerabilities, even if they are marked "important" instead of the more alarming "critical". Their designation is a tad weaker because a hacker would have to somehow convince an unsuspecting (or masochistic) user to give up their access passwords in order to launch an attack against a server. It would be even more difficult for a hacker to do so without any help.

Still, anything is possible and Microsoft is strongly encouraging Home and especially Business users to install the patch released yesterday.

"They might still be testing it."

Unfortunately, as was rumored last week, Microsoft has yet to release anything that might fix a gaping wound in its Microsoft Office Excel program. The issue, which has been scaring folks for about two weeks now, could allow for remote malware attacks through infected .XLS spreadsheet files.

The rumor remains that Microsoft is furiously testing a patch that should be available soon. "They might be still testing it. Excel is a very important piece of software for many applications," Kandek said. "I would like to see [a patch] as soon as possible."