Microsoft Warns of More Office Exploits
Just days after Microsoft issued patches to plug some 20 security holes in its software, the software giant is warning users that bad guys are exploiting two more vulnerabilities in its Office product suite.
On Valentine's Day, Microsoft said it had received reports of a previously unknown flaw in Office 2000 and Office XP. Now, Symantec is reporting that there is a virus honing in on an unpatched PowerPoint bug. Microsoft has not confirmed that report.
We've seen this pattern before. Hackers wait until Microsoft issues its monthly batch of patches to start exploiting unpatched flaws that they've found or purchased from bug-finders. The hackers well know that they can exploit them for at least another four to eight weeks before Microsoft can offer a patch.
In early January, Security Fix published a study of critical patches Microsoft issued in 2006 for Office products. Those accounted for nearly half of all critical updates the company shipped last year. I predicted that Office would continue to be the company's Achilles heel this year, and so far that appears to be true. This latest PowerPoint bug could be the 14th critical security hole reported in Office this year. If it continues at this rate, Microsoft will have patched more than twice as many Office vulnerabilities by the end of this year than it did in all of 2006.
Be extremely cautious of opening e-mail attachments that you weren't expecting -- even if they appear to have been sent by someone you know and trust. If you harbor doubts about whether the sender really meant for you to click on an e-mail attachment, fire off a brief reply to confirm its validity before opening it.
The comments to this entry are closed.