March 03, 2011

Microsoft fixes coming for Office, Windows flaws

Microsoft is readying three patches for its monthly security update, to be released Tuesday.

One of the fixes is rated "critical," while the other two drew an "important" rating, according to Microsoft's advance notification, released Thursday. The critical bulletin and one of the important patches address issues in Windows, while the third fix affects Office, specifically Groove collaboration software.

In total, Microsoft is plugging four security holes.

Experts at vulnerability management firm Qualys said they expect one of the Windows patches to address a publicly known scripting vulnerability in the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler, used by applications to render certain types of documents. That flaw, which could lead to sensitive information disclosure, was disclosed in late January, roughly a week before the February patches went live.

Microsoft has said it is aware of a publicly available proof-of-concept exploit but does not know of any active attacks.

Related Articles
Related Topics

Sign up to our newsletters

More in News

House Intelligence Committee OKs amended version of controversial CISPA

Despite the 18-to-2 vote in favor of the bill proposal, privacy advocates likely will not be satisfied, considering two key amendments reportedly were shot down.

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.