PandaLabs has warned users of two vulnerabilities that have been corrected by Microsoft. The first, as reported in Microsoft Security Bulletin MS06-011, corrects an error that could allow an attacker to gain control of the affected system. An attacker could therefore, install programs with serious consequences or carry out any task without the user realizing.
The systems affected are Microsoft Windows XP Service Pack 1 and Microsoft Windows Server 2003 (also the version for Itanium systems).
The second update, reported in the bulletin MS06-012, corrects a similar error to the aforementioned error, as it could also allow an attacker to gain control of the system, if users log on as the system administrator.
According to the second bulletin, the systems affected are Office 2000 SP 3, Office XP SP 3, Office 2003 SP 1 or 2 and Microsoft Works Suites, versions 2000 to 2006. Office for Mac (versions X and 2004) is also affected.
PandaLabs has stressed the severity of these security problems. It also reminds users to install the updates as soon as possible. In this case, it is particularly important, because by allowing programs to be installed, these vulnerabilities are the perfect scenario for falling victim to new malware dedicated to cyber-crime.
Microsoft Security Bulletin MS06-011
Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)
Published: March 14, 2006
Microsoft Security Bulletin MS06-012
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)
Published: March 14, 2006
Comment Preview