informa
Commentary

Microsoft Office, Internet Explorer At Greatest Risk

Microsoft unleashed 11 security bulletins today, as part of its monthly patch cycle. Six of the bulletins are rated by the software vendor as "Critical," and five are ranked as "Important." You'll want to patch yourself right away, but if you had to prioritize . . .
Microsoft unleashed 11 security bulletins today, as part of its monthly patch cycle. Six of the bulletins are rated by the software vendor as "Critical," and five are ranked as "Important." You'll want to patch yourself right away, but if you had to prioritize . . .You'll want to apply the patches that fix the security flaws in Microsoft Internet Explorer and the Office suite first.

That includes Microsoft Security Bulletin MS08-009, which mends a vulnerability in Microsoft Word that enables attackers to infiltrate systems if someone clicks on a specially crafted Word document. Other Office and similarly related vulnerabilities include MS08-012 and MS08-013. They all allow remote code execution (infect or crash your system) by clicking on any nastyware. If you don't patch these, you're gambling the security of your enterprise on whether Bob in accounting makes the correct decision not to open that questionable file attachment, or he actually does.

Another critical vulnerability that needs to be patched pronto is MS08-010, which fixes what appears to be three separate vulnerabilities. The worst of which would allow remote code execution if someone in your enterprise visited the wrong Web site. These types of attacks are becoming more troublesome as attackers are getting better at gaming Google's search results to lure visitors to their Web site traps.

Bottom line: If you're your own system owner, apply all of these (critical and important) patches right away. And if you're protecting a large number of systems, it's always a good idea to test patches before deploying them. But in the case of this month's batch of updates from Redmond ... you don't want to wait too long on those that affect Microsoft Office and Internet Explorer.

Here's the link to Microsoft Security Bulletin Summary for this month, which leads to information on each of the 11 updates.

Recommended Reading: