Three of the bulletins include updates for 'critical' vulnerabilities that could allow for remote code execution without user input.
A fourth bulletin, rated 'important', fixed vulnerabilities that could allow remote code execution but would require user permission.
Five of the vulnerabilities are for Excel. Microsoft said that elements of an Excel spreadsheet could be specially crafted to allow an attacker to remotely execute code on a system. The vulnerabilities are most serious in Excel 2000.
Also included in the update is a fix for a 'critical' vulnerability in the way Windows handles VML files that could allow for remote code execution. The vulnerability affects Windows 2000, XP, 2003 and Server 2003.
Microsoft Outlook received fixes for three vulnerabilities. Two could lead to remote code execution, while a third could be used to trigger a denial of service attack. Outlook 2007 is not affected by any of the vulnerabilities, according to Microsoft.
The remaining vulnerability is in the Brazilian Portuguese grammar checker in Office 2003 that could allow for remote code execution.
Microsoft revealed yesterday that it would be holding back four security patches after saying last week that eight bulletins would be included in the update.
iTnews Cloud Covered Breakfast Summit
Huntress _declassified Virtual Event
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
Melbourne Cloud & Datacenter Convention 2026
iTnews Executive Retreat - Data & AI Edition
_(1).jpg&h=140&w=231&c=1&s=0)
