Fixes a two-month-old Excel exploit, patches another URI protocol handler flaw
Microsoft Corp. issued four critical updates today that quashed 12 bugs in Office, the company's business suite, including a flaw in Excel that has been exploited by attackers for more than two months.
Tuesday's tally was a dramatic decrease from February's, when Microsoft unveiled 11 security bulletins and plugged 17 holes. Of the dozen vulnerabilities disclosed today, however, 11 were ranked "critical," Microsoft's highest rating in its four-step threat-scoring system. That was more than double the number of critical bugs crushed last month. The twelfth vulnerability of today was pegged as "important," the second-highest rating.
There's no question that MS08-014, the bulletin that fixes seven flaws in Microsoft Excel, is the one to work first, said Andrew Storms, director of security operations at nCircle Network Security Inc. "[MS08-]014 is definitely the most important of today's bulletins. It covers so many vulnerabilities and at least one was already known and was being exploited."