Feeds

Critical Outlook and Excel bugs star in March Patch Tuesday

Black Tuesday updates focus on MS Office

Next gen security for virtualised datacentres

Microsoft released four updates on Tuesday as part of its regular Patch Tuesday update cycle.

The quartet of updates - all critical - concentrates on Microsoft Office and addresses 12 distinct vulnerabilities. The most pressing of these (MS08-014) covers patches for Excel against vulnerabilities that have become the focus of recent hacker attacks. Updates to all supported versions of Outlook also merit close attention.

The other two advisories cover vulnerabilities in Microsoft Office and Microsoft Office Web Components.

"Because all four of the patches affect Microsoft Office, these patches cannot be ignored or delayed. The broad install base of Microsoft Office makes Office vulnerabilities an enticing target for hackers and cyber criminals," said Alan Bentley, VP in EMEA of patching specialist Lumension.

Bentley added that updating vulnerable Outlook installations ought to be a priority for sys admins. The update to Outlook covers a vulnerability in parsing of "mailto:" URIs that allows malware to be injected onto targeted systems.

"Microsoft Outlook is the dominant email client in use today, and email is also one of the most common attack vehicles used by hackers against organisations. This makes MS08-015 a critical, remote-code-execution vulnerability which affects virtually all versions of Outlook, the biggest priority for IT administrators this Patch Tuesday," he added.

Microsoft's summary of its March patch batch can be found here.

As usual, the SANS Institute's Internet Storm Centre (ISC) has published an easy to understand graphical overview here. ISC notes that only the Excel bugs have become the target of hacking attack, making them the highest patching priority.

Symantec, by contrast, reckons the advisory to Microsoft Office Web Components is potentially the worst of the bunch.

Given this divergence of opinion, the safest option would be to apply all four critical updates sooner rather than later. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?