Microsoft warns of security risks in Office, IE By Reed Stevenson Internet Explorer warning

SEATTLE, Aug 22 (Reuters) - Microsoft Corp. (NasdaqNM:MSFT - News) said on Thursday that "critical" security lapses in its Office software and Internet Explorer Web browser put tens of millions of users at risk of having their files read and altered by online attackers.

The world's No. 1 software maker said that an attacker, using e-mail or a Web page, could use Internet related parts of Office to run programs, alter data and wipe out the hard drive as well as view file and clipboard contents on a user's system. Office is a software product that runs on Windows and is used to write documents and crunch numbers.

"Microsoft is committed to keeping customers' information safe, and is providing a patch that eliminates three vulnerabilities in Office Web Components," Microsoft Security Program Manager Christopher Budd said in an e-mail.

In addition, Microsoft reported vulnerabilities in the three latest versions of its dominant Internet Explorer browser software that allows infiltrators to read files.

Microsoft urged users to fix the glitches by downloading software patches from Microsoft's TechNet Web site (http://www.microsoft.com/technet).

"It's important that users get the patch," said Russ Cooper, head of security at TruSecure Corp., a computer security company, and editor of NTBugTraq.

"Typically with these types of issues it will be six to nine months until we see a massive attempt to start exploiting it," Cooper said, adding that a preemptive patch was critical.

Since Office is used by at least 100 million users, the risk of widespread attacks was significant, Cooper said.

The security warnings are the latest headaches for the Redmond, Washington-based software company.

Microsoft, shaken by break-ins to its system and vulnerabilities in its software, launched a "trustworthy computing" campaign earlier this year to improve the security of all of its software.

Since that initiative, which chairman Bill Gates said had cost the company $100 million so far this year, Microsoft has issued at least 30 security bulletins for flaws in its software.

Last week, security experts reported serious flaws in the Internet Explorer browser and a complementary encryption program that could expose credit card and other sensitive information of Internet users.

The Office-related programs vulnerable to attacks include Microsoft Office 2000, Office XP, Money 2002, Money 2003, Project 2002 as well as server software related to such client software, Microsoft said.

Microsoft said it is not aware of any specific security

breaches or the amount of any potential damage that might have occurred due to vulnerabilities in its software.

Back To The Study