Microsoft has released a patch for 6 “critical” security vulnerabilities in Office, including 5 flaws in Excel and one issue in Windows. At the same time, they also advised users to install the update for Adobe Systems’ Flash Player.
Some of the vulnerabilities in the Excel spreadsheet application could allow attackers to take complete control of a system. However, the malicious actors would need to trick users into opening an Excel file containing harmful code. The sixth flaw affects a range of Office applications, including versions of Word, Outlook, and PowerPoint. Microsoft has addressed these issues in the patch MS06-012.
The second upgrade, MS06-011, resolves an issue occurring with Windows XP Service Pack 1 and Windows Server 2003. This flaw could allow a user with limited access to gain administrative rights.
The Windows vulnerability and 2 of the Excel flaws mentioned above had been publicly disclosed earlier, but Microsoft confirmed that they have not recorded any instances of exploitation.
In addition to the regular patch, the American software giant also warned everyone about an issue in Macromedia Flash Player – a third-party application from Adobe Systems – which Microsoft distributes as part of the Windows product package.
Adobe Systems acknowledged that the flaw in Flash could allow hackers to take control of computers remotely if users inadvertently download a harmful file in SWF format onto their systems.
This vulnerability affects Flash Player versions 8.0.22 and earlier, as well as Breeze Meeting 5.0 and earlier. Download the update here.
