In its Patch Tuesday release for the month of March, Microsoft has released two updates to address eight “important” vulnerabilities in Windows Movie Maker and Microsoft Excel, as well as their related products.
The Windows Movie Maker flaw that Microsoft fixed this Tuesday largely affected XP and Vista versions, and could be exploited by hackers to remotely launch malicious code onto the PCs of the users. The hackers could exploit the flaw for creating and sending a malicious Movie Maker or Producer media file to users via e-mail; and the opening of the file infected the users’ systems with malicious code.
Though the patch also listed Microsoft Producer 2003 as an affected product, Microsoft did not update the application because of it being “a free download with limited distribution.”
Meanwhile, the Tuesday update also patched seven reported vulnerabilities – 4 reported by VeriSign iDefense; and one each by VUPEN, Core Security Technologies, and TippingPoint's Zero Day Initiative - in Microsoft Office Excel, which could also allow remote code execution by attackers.
Over and above the updates, Microsoft also cautioned the users about ‘zero-day’ vulnerability in Internet Explorer (IE), saying that the flaws are being exploited in the wild – with the vulnerable systems being the IE6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and IE 6 and IE7.
Related News
- Microsoft’s June ‘Patch Tuesday’ fixes 34 vulnerabilities
- Microsoft Patch Tuesday to comprise 11 security bulletins for fixing 25 vulnerabilities
- IIS bug patch promised by Microsoft
- Microsoft testing a patch to address critical flaw affecting IE6 and IE7
- Microsoft leaves Mac Office users in the lurch
- Microsoft to issue critical update for Windows Server next week
- Microsoft to release two ‘critical’ security bulletins this Patch Tuesday
