Microsoft Issues Alerts About Five New Flaws
REDMOND, Wash. (AP)--Microsoft Corp. (MSFT) on Wednesday reported five new security flaws in its software, including one of "critical" severity that affects nearly all programs in its Office suite of software.
The critical vulnerability could allow an attacker to read files on a victim's computer, run programs or otherwise seize control.
Unlike the flaw that was exploited by the recent Blaster or LovSan worm - which could attack computers even if the user did nothing - a successful attack would require the user to open a tainted e-mail attachment.
The flaw appears in nearly all programs included in Microsoft Office 97, 2000 and XP - Word, Excel, PowerPoint and Access. It also affects other programs that use Microsoft Visual Basic technology, including its Visio 2000 and 2002 and Project 2000 and 2002.
The other four vulnerabilities affect Microsoft Office, Access, Word and Windows, and include flaws of lower severity.
Microsoft has disclosed 38 security flaws so far this year.
微软软件又发现5个安全漏洞
微软公司(Microsoft Corp., MSFT)周三宣布软件中存在5个新的安全漏洞,其中一个重大漏洞几乎可影响到Office软件包中的所有程序。
网络黑客可以利用这一安全瑕疵读取受攻击电脑上的文档,运行程序或者取得电脑的控制权。
与最近遭冲击波病毒(Blaster)或LovSan蠕虫攻击的漏洞不同的是,只有在用户打开受感染的电子邮件附件时,病毒才能利用上述新的漏洞乘虚而入。
这一瑕疵存在于Microsoft Office 97/2000/XP、Word、 Excel、PowerPoint和Access等软件的几乎所有程序中。它还影响到使用Microsoft Visual Basic技术的其他程序,包括Visio 2000/2002和Project 2000/2002。
其他4个漏洞影响到Microsoft Office、Access、Word 和Windows软件,但严重性有所降低。
微软今年迄今为止已公布了38个安全漏洞
