Article

Microsoft to address critical vulnerability in Office Web Components

Neil Roiter, Senior Technology Editor

Microsoft will issue five critical security bulletins in its August Patch Tuesday release next week, including one that affects Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server and Microsoft BizTalk Server, and another for both Windows and the Windows Client for Mac.

In its

Requires Free Membership to View

advance notice issued Thursday, Microsoft said that the critical bulletin affecting Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server and Microsoft BizTalk Server addresses a vulnerability in Microsoft Office Web Components, first raised in security advisory 973472. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, remote code execution is possible and may not require any user intervention.

Four additional updates are rated as important, including one that affects the .NET framework.

Microsoft said that the critical updates to be issued August 11 all involve remote code execution. All the updates, except for the one affecting the .NET Framework, will require system restarts.

The Office-related bulletin may require a restart if the binaries being updated are in use, according to Microsoft security program manager Jerry Bryant. He recommended referring to Knowledge Base article 887012 to reduce the chances of requiring a restart.

The majority of the updates impact most Windows client and server operating systems. The .NET bulletin affects Microsoft Visual Studio .NET 2003 Service Pack 1.