New Office Bulletin Fixes 6 Critical Flaws

Flaws allowing remote code execution in Microsoft Office and elevation of privilege in Windows were the source for two security bulletins posted by the software giant on Tuesday.

Microsoft had warned customers last week that the two bulletins would be coming.

The Office bulletin is the more serious of the two. Rated critical, bulletin MS06-012 actually includes fixes for six distinct critical flaws. Some of the vulnerabilities were privately reported, as Microsoft requests, while others had been made public. According to Microsoft, all the flaws involve malformed inputs and are fixed in a similar way.

The flaws affect applications in the Office 2000, Office XP, Office 2003, Office X for Mac, Office 2004 for Mac and Microsoft Works suites.

The Windows bulletin, MS06-011, involves a publicly-disclosed vulnerability involving certain Windows services. The elevation of privileges flaw could allow an attacker to take complete control of an affected system. While the flaw is rated an "important" risk in Windows XP Service Pack 1 and a "moderate" risk in Windows Server 2003, it is non-existent in Windows XP SP2 and Windows Server 2003 SP1.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Microsoft Previews Whiteboard Support in Teams Rooms Devices

    A preview of a new Microsoft Teams Rooms feature will enable organizations to use images of physical whiteboards as a dynamic space for videoconferencing.

  • 2019 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss this year.

  • Microsoft Warns of Heightened Threat of 'BlueKeep' Attacks

    Older Windows systems using Microsoft's Remote Desktop Services are at acute risk of remote code execution attacks due to the "BlueKeep" vulnerability.

  • The 2019 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generation of HoloLens, here's what's on tap from Microsoft this year.