Microsoft patches 20 bugs, including critical Word flaw

09.10.2012
Microsoft today patched 20 vulnerabilities in Word, Office, Windows, SharePoint Server, SQL Server and other products in its portfolio, including a critical bug in the company's popular Word program and another already used to attack the company's own online services.

Of Tuesday's seven security updates, one was labeled "critical," Microsoft's most-severe threat ranking, while the others were pegged as "important," the next-most-serious rating.

The critical update for Word affected all versions of Microsoft's word processor on Windows, including Word 2003, 2007 and 2010; Word Viewer, the add-on that lets users who don't own Word view and print documents; and Office Web Apps, the free online editions of Word, Excel, PowerPoint and OneNote.

All the security researchers Computerworld contacted Tuesday urged users to install the critical Word update as soon as possible.

Of special note, they said, was that one of the two bugs in Word could be exploited if users simply viewed a malformed RTF (rich text file) document in Outlook 2007 or Outlook 2010, which rely on Word as their default editing engine.

"Word is set as the editor for Outlook, so if you preview [a malicious RTF document], boom ... you've been hacked," said Andrew Storms, director of security operations at nCircle Security.