VOICE OF REASON TO MICROSOFT SECURITY BULLETIN - OCTOBER
- 11 October, 2006 14:48
<p>Today, Microsoft issued information on 10 security bulletins. The following summary provides Symantec’s evaluation of the most critical issues.</p>
<p>Vulnerabilities in Microsoft Office, Word, Excel, and PowerPoint</p>
<p>Symantec Security Response rates the four security bulletins concerning Microsoft Office applications to be critical. Each bulletin addresses multiple vulnerabilities in Microsoft Office, Word, Excel, and PowerPoint. Some of these vulnerabilities have already been publicly disclosed. In some cases, available exploit code is actively taking advantage of these issues. Examples of active exploits include the Excel zero-day exploit using Trojan.Hongmosa and the Word zero-day exploit using Trojan.MDropper.Q which Symantec observed in July and September respectively.</p>
<p>“Symantec’s recent Internet Security Threat Report demonstrated that attackers have an increasing tendency to exploit vulnerabilities in desktop applications rather than network infrastructure,” said Oliver Friedrichs, director, Symantec Security Response. “The quantity of Microsoft Office vulnerabilities this month illustrates this emerging attacker focus, and users should consider the installation of these patches to be a critical component of a smart security strategy.”</p>
<p>Symantec recommends the following actions for IT administrators:
· Evaluate the possible impact of these vulnerabilities to critical systems.
· Plan for required responses including patch deployment and implementation of security best practices using the appropriate security and availability solutions.
· Take proactive steps to protect the integrity of networks and information.
· Verify that appropriate data backup processes and safeguards are in place and effective.
· Remind users to exercise caution in opening all unknown or unexpected e-mail attachments and in following Web links from unknown or unverified sources.</p>
<p>Symantec recommends the following actions for consumers:
· Regularly run Microsoft Update and install the latest security updates to keep software up-to-date.
· Avoid opening unknown or unexpected e-mail attachments or following Web links from unknown or unverified sources.
Use an Internet security solution such as Norton Internet Security to protect against today's known and tomorrow's unknown threats.</p>
<p>Additional information will be available on Symantec’s Security Response Blog shortly at:</p>
<p>Additional information on Microsoft’s security bulletins can be found at:</p>
<p>Symantec’s security experts will closely monitor further information related to these vulnerabilities and will provide updates and security content as necessary. Please let me know if you have any questions.</p>
<p>(61 2) 9954 3492</p>