MICROSOFT plans to improve on its security on its Office 2003 and 2007 by adding a feature to the older versions of its productivity software that opens files in Protected View as it recently plugged 40 holes with 17 patches.
According to Jerry Bryant, group manager, response communications, Microsoft’s Trustworthy Computing Group, customers should focus on the two critical bulletins that are part of Microsoft’s monthly Patch security update, and the first is MS10-090, a cumulative update for Internet Explorer (IE).
It fixes seven vulnerabilities in the browser and affects IE 6, 7 and 8, as there have been attacks targeting IE 6 on Windows XP.
Bryant said the other critical bulletin is MS10-091, which fixes several vulnerabilities in the Windows Open Type Font driver, and it affects all versions of Windows, primarily on third-party browsers that actively render the Open Type Font which IE does not. He stated that Microsoft will be porting Office File Validation, which is currently in Office 2010, to Office 2003 and Office 2007 by the first quarter of 2011.
The move will help protect customers from attacks that target about 80 per cent of the Office vulnerabilities.