Stephen Withers
Wednesday, 10 June 2009 06:43
Page 2 of 3
Multiple vulnerabilities in the Windows Print Spooler allow remote code execution (Windows 2000 only) or privilege elevation (XP, Server 2003, Vista, and Server 2008).
Windows Search (in XP and Server 2003 only) also gets a patch to avoid potential information disclosure if the user previews a maliciously crafted file in the search results, or if the malicious file is the first item in the results. It's only considered a Moderate problem.
Four vulnerabilities allow privilege escalation in all supported versions of Windows. The issue is rated Important in all cases. An attacker must be able to log on locally and not anonymously to exploit the situation.
Also rated Important and affecting all supported versions, a vulnerability in Windows' remote procedure call facility allows privilege escalation. Microsoft points out that affected versions of Windows do not ship with RPC servers or clients that are subject to exploitation of this vulnerability, but third-party applications using RPC could be affected.
The three non-operating system bulletins all concern Microsoft Office.
All three are most serious for Office 2000 (which comes out of support on July 14), where they are regarded as Critical. The rating is Important for Office XP, 2003, 2004, 2007 and 2008, though only two of the issues are relevant to the Mac versions of Microsoft's productivity suite.
A maliciously crafted Excel file can trigger remote code execution. This issue is regarded as Critical on Excel 2000, and Important on Excel 2002, 2003, 2004, 2007, and 2008.
It also affects Excel Viewer, the Compatibility Pack for 2007 file formats, and SharePoint Server 2007, where it is again regarded as an Important issue.
See page 3 for other Office-related vulnerabilities and more.