Microsoft Delivers Patches for Office Apps
- By Scott Bekker
Macro code-executing vulnerabilities in Word and Excel prompted Microsoft to issue a cumulative patch for the ubiquitous Office applications Wednesday evening.
Patches for four new vulnerabilities were included in Microsoft's latest bulletin: www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-031.asp.
Microsoft characterized the vulnerabilities as a moderate risk for client systems. The patches also included previously released fixes for Office applications, and Microsoft offered a new download of Office clip art on Wednesday as well.
The delivery mechanism for the patch suffers from a flaw in the Microsoft Installer that means users must have their original Office installation CD or have access to their network installation file to upgrade to the patch.
Three of the newly discovered Macro vulnerabilities involve Excel. One of the vulnerabilities is a variant on the "Word Mail Merge" vulnerability originally patched by Microsoft in 2000. That vulnerability also requires that the Microsoft Access database be present on the target system.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.