Microsoft closes seven holes in Excel
The Movie Maker vulnerability affects Windows Movie Maker 2.1, Windows Movie Maker 2.6, Windows Movie Maker 6.0 and Microsoft Producer 2003. Specially crafted project files allow malicious code to be injected and executed on a computer. While the software is only included as standard in Windows XP and Vista, it may have been manually installed on other Windows versions via Microsoft's download pages. Windows Live Movie Maker is not vulnerable.
The Excel holes affect Office XP, Office 2003, Office System 2007, Office 2004 and 2008 for Mac, the Excel viewer, and SharePoint Server 2007. A specially crafted document can cause heap overflows as well as various memory errors that allow attackers to compromise a PC.
Microsoft has rated both updates as important and expects exploits for the vulnerabilities to appear in the wild in the coming weeks. Users are, therefore, advised to install the updates as soon as possible.
No patch has so far been released for the help file and VBScript hole in Internet Explorer under Windows 2000, XP and Server 2003 that was made public early last week. Microsoft say they continue to monitor "the situation" and, as a protective measure, recommend that users refrain from pressing the F1 key when browsing. Apparently no attacks have been registered so far. Windows 7, Vista and Server 2008 are not affected by the problem.
- Microsoft Security Bulletin Summary for March 2010, security advisory from Microsoft.
- Zero day exploit for Internet Explorer, a report from The H.