Microsoft fixes Excel and Movie Maker security flaws

Microsoft this week released its monthly security patch which addresses a number of significant vulnerabilities including serious security flaws with Windows Movie Maker and Microsoft Excel.

In addition, the company warned that a remote-code execution flaw in versions six and seven of Internet Explorer which is being exploited by hackers for malware attacks. Windows users are being urged patch their systems immediately through Windows Update and to upgrade to Internet Explorer 8.

Details of the Movie Maker and Excel flaws are detailed in Microsoft Security Bulletins MS10-016 and MS10-017.

The following are the executive summaries for the respective bulletins:

MS10-016: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)

This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS10-017: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)

This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Discuss all aspects of Windows Computing in Digital Home’s Windows Computing forum.

Comments are closed.