More critical Microsoft updates, even for Vista

Stephen Withers
Wednesday, 10 June 2009 05:43

Business IT - Security

A remote code execution flaw in the Microsoft Works converters has been fixed. The affected software is Word 2000, 2002, 2003 and 2007 SP1, and Works 8.5 and 9. The Mac versions of Word, Word 2007 SP2, the Word Viewers and the Compatibility Pack for 2007 file formats are unaffected.

The final bulletin describes vulnerabilities in Word that allow remote code execution when a malicious file is opened.

The problem is rated Critical for Word 2000, and Important for Word 2002, 2003, 2004, 2007, 2008, the Word Viewers and the Compatibility Pack for 2007 file formats.

"This month only 6 out of 31 CVEs are related to listening services, a trend that deserves special attention," said Tyler Reguly, senior security engineer with nCircle.

"If you add in MS09-022 (Windows Print Spooler) for interaction with a remote service, you end up with 24 out of 31 CVEs related to local vulnerabilities. Many, including Microsoft, will consider these to be the most critical, yet most of these issues would be far less critical if every computer was operated using the principle of least privilege," he added.

Microsoft has also updated a previous bulletin and provided updates for Office for Mac 2004 and 2008 as well as Works 8.5 and 9. These updates protect against a PowerPoint remote code execution issue.

To round things off, there's a pair of advisories (a new set of ActiveX killbits and a change to DNS devolution), updated versions of the Malicious Software Removal Tool and Windows Mail Junk E-Mail Filter, and cumulative updates for Media Center TVPack for Vista and Media Center for Vista. And you may not have noticed the Root Certificate update that was released late last month.

In related news, Sun has released an updated version of Java for Windows, and Adobe has released the first of its quarterly updates for Acrobat and Reader.