New Office Bulletin Fixes 6 Critical Flaws

Flaws allowing remote code execution in Microsoft Office and elevation of privilege in Windows were the subject of two security bulletins posted by the software giant on Tuesday.

Microsoft had warned customers last week that the two bulletins would be coming.

The Office bulletin is the more serious of the two. Rated critical, bulletin MS06-012 actually includes fixes for six distinct critical flaws. Some of the vulnerabilities were privately reported, as Microsoft requests, while others had been made public. According to Microsoft, all the flaws involve malformed inputs and are fixed in a similar way.

The flaws affect applications in the Office 2000, Office XP, Office 2003, Office X for Mac, Office 2004 for Mac and Microsoft Works suites.

The Windows bulletin, MS06-011, addresses a publicly disclosed vulnerability in certain Windows services. The elevation-of-privilege flaw could allow an attacker to take complete control of an affected system. While the flaw is rated an "important" risk in Windows XP Service Pack 1 and a "moderate" risk in Windows Server 2003, it is non-existent in Windows XP SP2 and Windows Server 2003 SP1.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

