Office vulnerability bites Apple

This week, Windows and Apple Mac users have been advised to take heed of a warning issued by Microsoft of critical security flaws in its Office products, says Brett Myroff, CEO of Sophos distributor, Netxactics.

"As part of its monthly 'Patch Tuesday` schedule, Microsoft has issued a number of bulletins about 12 security vulnerabilities in its software. Seven of the vulnerabilities affect Microsoft Excel, and could allow a hacker to gain remote control over a user`s computer by a maliciously crafted spreadsheet," he explains.

According to Myroff, the vulnerability is not only found in the Windows version of Microsoft Excel, but also for Mac Office 2004 and the recently released Office 2008 for Macintosh.

Sophos notes the Excel flaws were discovered in January, and recommends that organisations roll-out the patches as a matter of urgency, as some of them could enable hackers to access data on a vulnerable PC or Macintosh, or run malicious code such as a worm.

Showing low to medium prevalence, the Troj/SloLane-A Trojan has also been noted. Affecting the Windows platform, it includes functionality to access the Internet and communicate with a remote server via HTTP, says Myroff.

The W32/Simer-A virus has also been detected and affects the Windows operating system. It spreads via infected files, Myroff says.

"Troj/Dloadr-BJE, a Trojan for the Windows platform, is also making the rounds. It attempts to contact a remote server via HTTP. Also of some concern is the Troj/DNSChan-MG Trojan."

Furthermore, says Myroff, the Joke/Ttub-A, a joke program that displays a pornographic image, also emerged this week.

"While windows users may be fairly accustomed to installing patches from Microsoft, it is becoming apparent that Apple Mac users need to be just as diligent when it comes to matters of computer security," says Myroff.

"Whether you run a PC or a Mac, it`s important to take the latest security bulletins from Microsoft seriously and ensure your business is properly protected."

Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for Microsoft security vulnerabilities.

Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.