Severity: High
12 August, 2008
Summary:
§ These vulnerabilities affect: Most current versions of Microsoft Office for Windows, and in some cases for Mac (and some other Office-related programs)
§ How an attacker exploits them: Multiple vectors of attack, including enticing your users into opening maliciously crafted Office documents, or visiting a malicious web site
§ Impact: An attacker can execute code, potentially gaining complete control of your computer
§ What to do: Install the appropriate Office or Office-related patches immediately
Exposure:
Today, Microsoft released five security bulletins describing fourteen vulnerabilities found in components or programs that ship with Microsoft Office for Windows, and in some cases Office for Mac. Some of the vulnerabilities also affect Microsoft Works, Project, and SharePoint Server. Each vulnerability affects different versions of Office to a different extent.
The flaws affect different components and applications within Office, but the result is always the same. Either by enticing one of your users to download and view a specially crafted Office document, or by luring one of your users to a malicious web page, an attacker can exploit these vulnerabilities to execute code on the victim’s computer, usually inheriting that user’s level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the victim’s machine.
An attacker can exploit many of these flaws using just about any kind of Office document. While three of Microsoft’s bulletins specifically mention Excel (.xls and .xlsx), Word (.doc), and PowerPoint (.ppt) files, another bulletin mentions malicious image files that an attacker could embed into many types of Office documents, as well as emails and web sites. So, beware of all unexpected Office documents.
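As an added defender-side example (not part of this WatchGuard advisory), the following Python triages a document before a user opens it: it identifies the container by its leading bytes, lists the media embedded in an OOXML file, and flags the image formats MS08-044 names (BMP, WPG, PICT, EPS). The sample .xlsx-style zip is constructed inline; the magic values and the `/media/` path convention are assumptions taken from the public file formats, not from the advisory.

```python
import io
import zipfile

# Magic-byte signatures (well-known values). PICT has no reliable header, so it is matched by extension only.
SIGNATURES = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls/.ppt container
    (b"PK\x03\x04", "zip"),                          # OOXML .docx/.xlsx/.pptx is a zip
    (b"BM", "bmp"),
    (b"%!PS-Adobe", "eps"),
    (b"\xffWPC", "wpg"),
]
RISKY_IMAGE_TYPES = {"bmp", "wpg", "pict", "eps"}  # formats MS08-044 says the Office filters mishandle

def classify(data: bytes, name: str = "") -> str:
    """Return a short type label from the leading bytes, falling back to the extension for PICT."""
    for magic, label in SIGNATURES:
        if data.startswith(magic):
            return label
    if name.lower().endswith((".pct", ".pict")):
        return "pict"
    return "unknown"

def embedded_media(data: bytes) -> list:
    """For an OOXML document, list (path, type) for every embedded media part."""
    if not data.startswith(b"PK\x03\x04"):
        return []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        parts = [i.filename for i in zf.infolist() if "/media/" in i.filename or "/embeddings/" in i.filename]
        return [(p, classify(zf.read(p)[:16], p)) for p in parts]

def triage(data: bytes, name: str) -> dict:
    """Summarise why a document deserves a second look; extension_mismatch means the bytes contradict the name."""
    container = classify(data, name)
    media = embedded_media(data)
    legacy = name.lower().endswith((".doc", ".xls", ".ppt"))
    return {
        "container": container,
        "embedded": media,
        "flagged_images": [(p, t) for p, t in media if t in RISKY_IMAGE_TYPES],
        "extension_mismatch": container != ("ole2" if legacy else "zip"),
    }

def build_sample_xlsx() -> bytes:
    """Constructed sample: a minimal OOXML-style zip carrying a BMP and an EPS (not a real spreadsheet)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/media/image1.bmp", b"BM" + b"\x00" * 30)
        zf.writestr("xl/media/image2.eps", b"%!PS-Adobe-3.0 EPSF-3.0\n")
    return buf.getvalue()
```

Run `triage(build_sample_xlsx(), "report.xlsx")` to see both embedded images flagged; a renamed executable such as `triage(b"MZ...", "invoice.doc")` reports an extension mismatch.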
If you’d like to learn more about each individual flaw, drill into the “Vulnerability Details” section of the security bulletins listed below:
§ MS08-041: Access Snapshot Viewer ActiveX control vulnerability. The Snapshot Viewer ActiveX control is an Access component that ships with Office and allows you to view Access report snapshots without having the main Access program installed. The control suffers from an unspecified vulnerability having to do with a synchronization issue when saving files. By enticing one of your users to a malicious web site that leverages the flawed ActiveX control, an attacker could exploit this vulnerability to execute code on that user’s machine, and possibly gain control of it. – Microsoft rating: Critical.
§ MS08-042: Word record parsing vulnerability. This bulletin describes a vulnerability in how Word parses maliciously crafted documents. By luring one of your users into downloading and opening a malicious Word document, an attacker could exploit this flaw to execute code, potentially gaining complete control of that user’s computer. – Microsoft rating: Important.
§ MS08-043: Multiple Excel vulnerabilities. This bulletin describes four vulnerabilities involving how Excel handles maliciously crafted Excel documents. By tricking one of your users into downloading and opening an Excel document, an attacker could exploit most of these flaws to execute code, potentially gaining complete control of that user’s computer. – Microsoft rating: Critical.
§ MS08-044: Multiple Office filter vulnerabilities. This bulletin describes five vulnerabilities involving how the Office filter handles various image files, including BMPs, WPGs, PICTs, and EPS files. By tricking one of your users into downloading a maliciously crafted image and opening it in Office, an attacker could exploit any of these flaws to execute code, potentially gaining complete control of that user’s computer. The attacker could also host this sort of malicious image on a web site, or even embed it into an Office document. – Microsoft rating: Critical.
§ MS08-051: Multiple PowerPoint vulnerabilities. This bulletin describes three vulnerabilities involving how PowerPoint handles maliciously crafted PowerPoint documents. By enticing one of your users into downloading and opening such a PowerPoint presentation, an attacker could exploit these flaws to execute code, potentially gaining complete control of that user’s computer. – Microsoft rating: Critical.
Solution Path:
Microsoft has released patches for Office (and a few related programs) to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.
Access update for:
Word update for:
Excel update for:
§ 2007 Microsoft Office System
§ Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Also affects:
§ SharePoint Server 2007 x64 Edition
Also affects:
§ Works 8
PowerPoint update for:
§ 2007 Microsoft Office System
§ Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
For All WatchGuard Users:
Attackers exploit some of these vulnerabilities by enticing your users into downloading and viewing various Office documents. You can configure some of WatchGuard’s Firebox models to block all Office documents. However, most organizations need to allow Office documents in order to conduct business, and blocking them could bring your business to a halt. Furthermore, the remaining attacks travel as normal-looking HTTP traffic, which you must allow if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.
Status:
Microsoft has released patches correcting these issues.
References:
§ Microsoft Security Bulletin MS08-041
§ Microsoft Security Bulletin MS08-042
§ Microsoft Security Bulletin MS08-043
§ Microsoft Security Bulletin MS08-044
§ Microsoft Security Bulletin MS08-051