The American software giant has released 7 security bulletins to address nearly 20 vulnerabilities in Windows and Office. Among these, 5 patches are classified as the highest risk, potentially allowing hackers to remotely attack users’ systems.
 |
| Source: sci-tech-today.com |
The most severe vulnerability for July is found in the “Mailslot” component of Windows. The update MS06-035 describes how an intruder could exploit this vulnerability to remotely control systems running on Windows 2000, Windows XP, and Windows Server 2003.
Another flaw in the DHCP (Windows Dynamic Host Configuration Protocol) could also be exploited by hackers using a method similar to the “Mailslot” vulnerability. Microsoft has addressed this issue in bulletin MS06-036. “Remotely exploitable vulnerabilities are always considered very serious because hackers can carry out attacks over the Internet without needing to interact with users,” commented Dave Cole, an analyst at Symantec, a security firm based in the U.S.
Microsoft also introduced three additional updates to address 13 issues within the Office suite, including a patch that covers 8 vulnerabilities and addresses 2 Excel vulnerabilities that hackers have used to spread malware online.
Office 2000 installations are the most affected, as they do not display a dangerous warning when users open an attachment in an email. The Office and Excel vulnerabilities are detailed in bulletins MS06-037, MS06-038, and MS06-039.
In addition to the 5 bulletins addressing “critical” issues mentioned above, the Redmond, Washington-based company also released 2 “important” alerts related to web servers running Windows software. Bulletin MS06-034 fixes a vulnerability that could allow an attacker to upload an ASP file containing malicious code to control the server. The remaining bulletin, MS06-033, allows hackers to secretly view content within the application folders of the web server.
