Network News

X My Profile
View More Activity

Microsoft Warns of More Office Exploits

Just days after Microsoft issued patches to plug some 20 security holes in its software, the software giant is warning users that bad guys are exploiting two more vulnerabilities in its Office product suite.

On Valentine's Day, Microsoft said it had received reports of a previously unknown flaw in Office 2000 and Office XP. Now, Symantec is reporting that there is a virus honing in on an unpatched PowerPoint bug. Microsoft has not confirmed that report.

We've seen this pattern before. Hackers wait until Microsoft issues its monthly batch of patches to start exploiting unpatched flaws that they've found or purchased from bug-finders. The hackers well know that they can exploit them for at least another four to eight weeks before Microsoft can offer a patch.

In early January, Security Fix published a study of critical patches Microsoft issued in 2006 for Office products. Those accounted for nearly half of all critical updates the company shipped last year. I predicted that Office would continue to be the company's Achilles heel this year, and so far that appears to be true. This latest PowerPoint bug could be the 14th critical security hole reported in Office this year. If it continues at this rate, Microsoft will have patched more than twice as many Office vulnerabilities by the end of this year than it did in all of 2006.

Be extremely cautious of opening e-mail attachments that you weren't expecting -- even if they appear to have been sent by someone you know and trust. If you harbor doubts about whether the sender really meant for you to click on an e-mail attachment, fire off a brief reply to confirm its validity before opening it.

By Brian Krebs  |  February 16, 2007; 3:52 PM ET
Categories:  Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Apple Works To Stave Off Big Mac Attack
Next: Microsoft to Tighten Anti-Piracy Noose in Vista

No comments have been posted to this entry.

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company