By Keith Regan E-Commerce Times Part of the ECT News Network
09/04/03 11:03 AM PT
In addition to the critical flaw, Microsoft disclosed an "important" vulnerability in some versions of Word that can result in macros running automatically, and an "important" buffer overrun vulnerability in a program that converts documents to Word from WordPerfect.
With many users still reeling in the wake of the Blaster worm and its offspring, Microsoft (Nasdaq: MSFT) has warned that its widely used Office productivity software contains several newly discovered security holes.
The company issued a security bulletin Wednesday, saying one of the flaws warrants a "critical" rating -- its most serious classification. That vulnerability lies in code underlying Visual Basic for Applications (VBA), the component that enables customized applications to be run within Office, and it could allow an attacker to gain control of a machine remotely.
Microsoft indicated it was unaware of any successful or attempted attacks exploiting the flaws, but the company urged users of a range of Office products, including most versions of Access, Word, Excel and PowerPoint, to apply a patch as soon as possible. Microsoft defines critical flaws as those that could allow Internet-based attacks without requiring action on the user's part, such as opening an executable file.
Double-Edged Sword
Microsoft's decision to publish the warnings underscores its tenuous position with regard to the security of its products, which are a favorite target of hackers because of their ubiquitous and high-profile nature, industry analyst Rob Enderle told the E-Commerce Times.
"If they release a bulletin, they are criticized because their products aren't secure enough, and if they don't, they run an even greater risk," Enderle said. "Microsoft has clearly dedicated a lot of time and corporate resources to getting security under control, but it's going to take some time."
He added that because much of the code underlying Windows has not changed substantially in 20 years, it is a prime target for miscreants.
Holding Up
Still, despite the barrage of media coverage generated by the Blaster worm and its fallout -- and the SQL Slammer worm that ravaged the Internet backbone earlier this year -- Microsoft has not suffered immediate damage to its business, by all accounts.
Although Sun tried to use Blaster to tout its open-source desktop offering, and others have said Microsoft's woes give Linux options a major boost, Microsoft's share price has held up relatively well. The company's stock was trading at US$28.21 Thursday morning, down about a dollar from its 52-week high.
Not So Bad
The three other flaws were considered less serious. One rated only a "moderate" threat categorization, while two were rated "important."
The flaws include an "important" vulnerability in some versions of Word that can result in macros running automatically, an "important" buffer overrun vulnerability in a program that converts documents to Word from WordPerfect, and a "moderate" vulnerability in the Access Snapshot Viewer.