As covered in the pre-announcement, Microsoft released two bulletins today:
MS06-012: Critical Vulnerability in Microsoft Office, KB905413
This update fixes a number of different Excel vulnerabilities, and a "Malformed Routing Slip" vulnerability which affects muliple Office components.
All the vulnerabilities come down to the same issue: If you open a malformed file, an attacker could get control of the system as the user opening the file.
If you use Microsoft Office, you should apply this patch quickly.
UPDATE: 2006-03-15: PoC exploits have been released. The patch window is closing rapidly.
This vulnerability has been disclosed for a while now. It is important to note that a "service" is not just a "server". Services typically have to run at a higher privilege level as they require access to files across multiple users, and access to system resources.
I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Spring 2020
Mar 14th 2006
1 decade ago